CVE-2019-10363 – io.jenkins:configuration-as-code
Package
Manager: maven
Name: io.jenkins:configuration-as-code
Vulnerable Version: >=0 <1.25
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00051 (percentile: 0.15607)
Details
Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin
Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form.
Metadata
Created: 2022-05-24T16:51:51Z
Modified: 2022-06-28T22:37:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r69h-6c4g-63xf/GHSA-r69h-6c4g-63xf.json
CWE IDs: ["CWE-311", "CWE-319"]
Alternative ID: GHSA-r69h-6c4g-63xf
Finding: F020
Auto approve: 1