
CVE-2019-16568 hudson.plugins.sctmexecutor:sctmexecutor

Package

Manager: maven
Name: hudson.plugins.sctmexecutor:sctmexecutor
Vulnerable Version: >=0 <=2.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00027 (percentile: 0.05835)

Details

Jenkins SCTMExecutor Plugin stores credentials in plain text

Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations.

Metadata

Created: 2022-05-24T17:03:48Z
Modified: 2024-01-30T21:13:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rxph-cq38-gm3g/GHSA-rxph-cq38-gm3g.json
CWE IDs: ["CWE-319"]
Alternative ID: GHSA-rxph-cq38-gm3g
Finding: F017
Auto approve: 1