CVE-2019-10280 – org.jenkins-ci.plugins:assembla-auth

Package

Manager: maven
Name: org.jenkins-ci.plugins:assembla-auth
Vulnerable Version: >=0 <1.13

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.0008 pctl0.24411

Details

Jenkins Assembla Auth Plugin stores credentials in plain text Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Metadata

Created: 2022-05-13T01:15:01Z
Modified: 2024-01-30T21:09:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wmq3-24jm-m8xh/GHSA-wmq3-24jm-m8xh.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-wmq3-24jm-m8xh
Finding: F035
Auto approve: 1