GHSA-9m3c-xfhf-53mh
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9m3c-xfhf-53mh
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9m3c-xfhf-53mh/GHSA-9m3c-xfhf-53mh.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9m3c-xfhf-53mh
- Aliases
-
- CVE-2019-10286
- Published
- 2022-05-13T01:15:05Z
- Modified
- 2024-02-16T08:04:36.966545Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Jenkins DeployHub Plugin stores credentials in plain text
- Details
-
Jenkins DeployHub Plugin stores credentials unencrypted in job
config.xmlfiles on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. - Database specific
{ "nvd_published_at": "2019-04-04T16:29:00Z", "cwe_ids": [ "CWE-522" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-10-26T15:28:28Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-10286
- https://github.com/jenkinsci/deployhub-plugin/commit/6ad56362087f6d34c3532a0962a881cd8a822394
- https://github.com/jenkinsci/deployhub-plugin
- https://jenkins.io/security/advisory/2019-04-03/#SECURITY-959
- http://www.openwall.com/lists/oss-security/2019/04/12/2
Affected packages
Maven / com.openmake:deployhub
Package
- Name
- com.openmake:deployhub
- View open source insights on deps.dev
- Purl
- pkg:maven/com.openmake/deployhub