CVE-2019-10430 – io.jenkins.plugins:neuvector-vulnerability-scanner

Package

Manager: maven
Name: io.jenkins.plugins:neuvector-vulnerability-scanner
Vulnerable Version: >=0 <1.6

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00032 pctl0.07659

Details

Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

Metadata

Created: 2022-05-24T22:00:44Z
Modified: 2024-01-30T21:17:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3fpx-g9h3-hh8x/GHSA-3fpx-g9h3-hh8x.json
CWE IDs: ["CWE-312"]
Alternative ID: GHSA-3fpx-g9h3-hh8x
Finding: F020
Auto approve: 1