GHSA-6xw9-qq9h-cr68

Source

https://github.com/advisories/GHSA-6xw9-qq9h-cr68

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6xw9-qq9h-cr68/GHSA-6xw9-qq9h-cr68.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6xw9-qq9h-cr68

Aliases

CVE-2019-10461

Published

2022-05-24T16:59:38Z

Modified

2023-11-08T04:00:52.766121Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials

Details

Jenkins Dynatrace Application Monitoring Plugin prior to 2.1.4 stores credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

NOTE: This plugin is marked as DEPRECATED

Database specific

{
    "nvd_published_at": "2019-10-23T13:15:00Z",
    "github_reviewed_at": "2022-12-06T21:44:47Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-522"
    ]
}

References

Affected packages

Maven / org.jenkins-ci.plugins:dynatrace-dashboard

Package

Name: org.jenkins-ci.plugins:dynatrace-dashboard; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/dynatrace-dashboard

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.4

Affected versions

1.*

1.0.5

2.*

2.0.4

2.0.5

2.0.7

2.1.0

2.1.3