CVE-2019-10434 – com.mtvi.plateng.hudson:ldapemail

Package

Manager: maven
Name: com.mtvi.plateng.hudson:ldapemail
Vulnerable Version: >=0 <=0.8

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00063 pctl0.19988

Details

Jenkins LDAP Email Plugin shows plain text password in configuration form Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Metadata

Created: 2022-05-24T16:57:28Z
Modified: 2023-01-28T01:16:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-53jw-4gwh-m8cm/GHSA-53jw-4gwh-m8cm.json
CWE IDs: ["CWE-256"]
Alternative ID: GHSA-53jw-4gwh-m8cm
Finding: F020
Auto approve: 1