All the vulnerabilites related to Jenkins project - Jenkins CloudCoreo DeployTime Plugin
cve-2019-10299
Vulnerability from cvelistv5
Published
2019-04-04 15:38
Modified
2024-08-04 22:17
Severity ?
EPSS score ?
Summary
Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/107790 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2019/04/12/2 | mailing-list, x_refsource_MLIST | |
| https://jenkins.io/security/advisory/2019-04-03/#SECURITY-960 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Jenkins project | Jenkins CloudCoreo DeployTime Plugin |
Version: all versions as of 2019-04-03 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:19.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107790",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107790"
},
{
"name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/12/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-960"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins CloudCoreo DeployTime Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "all versions as of 2019-04-03"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:46:54.337Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "107790",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107790"
},
{
"name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/12/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-960"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2019-10299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins CloudCoreo DeployTime Plugin",
"version": {
"version_data": [
{
"version_value": "all versions as of 2019-04-03"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107790"
},
{
"name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/04/12/2"
},
{
"name": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-960",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-960"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2019-10299",
"datePublished": "2019-04-04T15:38:50",
"dateReserved": "2019-03-29T00:00:00",
"dateUpdated": "2024-08-04T22:17:19.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}