CVE-2019-10448 – jenkins.xtc:extensivetesting

Package

Manager: maven
Name: jenkins.xtc:extensivetesting
Vulnerable Version: =1.4.4b

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00067 pctl0.21074

Details

Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Metadata

Created: 2022-05-24T16:58:49Z
Modified: 2022-11-02T00:05:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8x6c-375h-pm4f/GHSA-8x6c-375h-pm4f.json
CWE IDs: ["CWE-312", "CWE-522"]
Alternative ID: GHSA-8x6c-375h-pm4f
Finding: F028
Auto approve: 1