CVE-2019-10460 – org.jenkins-ci.plugins:bitbucket-oauth
Package
Manager: maven
Name: org.jenkins-ci.plugins:bitbucket-oauth
Vulnerable Version: >=0 <0.10
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00012 (percentile: 0.01107)
Details
Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials
Jenkins Bitbucket OAuth Plugin prior to 0.10 stores credentials unencrypted in the global config.xml configuration file on the Jenkins master, where they could be viewed by users with access to the master file system.
Metadata
Created: 2022-05-24T16:59:37Z
Modified: 2022-12-06T21:38:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-84h6-jf8x-ff2j/GHSA-84h6-jf8x-ff2j.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-84h6-jf8x-ff2j
Finding: F035
Auto approve: 1