GHSA-jrmf-xhr6-3428

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jrmf-xhr6-3428/GHSA-jrmf-xhr6-3428.json

Aliases

CVE-2019-10435

Published

2022-05-24T16:57:28Z

Modified

2023-03-18T05:56:01.167849Z

Details

Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. As of the publication of the advisory, there are no patches and the plugin is unmaintained.

References

https://nvd.nist.gov/vuln/detail/CVE-2019-10435
https://github.com/jenkinsci/vault-scm-plugin
https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1524
http://www.openwall.com/lists/oss-security/2019/10/01/2

Affected packages

Maven / org.jenkins-ci.plugins:vault-scm-plugin

org.jenkins-ci.plugins:vault-scm-plugin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Affected versions

1.*

1.1.1

Database specific

{
    "last_known_affected_version_range": "<= 1.1.1"
}