CVE-2019-10450 – com.elasticbox.jenkins-ci.plugins:elasticbox

Package

Manager: maven
Name: com.elasticbox.jenkins-ci.plugins:elasticbox
Vulnerable Version: >=0 <=5.0.1

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 7e-05 pctl0.00369

Details

Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Metadata

Created: 2022-05-24T16:58:50Z
Modified: 2022-11-02T00:05:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r9xc-54cq-99r7/GHSA-r9xc-54cq-99r7.json
CWE IDs: ["CWE-312"]
Alternative ID: GHSA-r9xc-54cq-99r7
Finding: F020
Auto approve: 1