CVE-2019-10320 – org.jenkins-ci.plugins:credentials

Package

Manager: maven
Name: org.jenkins-ci.plugins:credentials
Vulnerable Version: >=0 <2.1.19

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00118 pctl0.31344

Details

Insertion of Sensitive Information into Externally-Accessible File or Directory in Jenkins Credentials Plugin Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.

Metadata

Created: 2022-05-24T16:46:09Z
Modified: 2022-06-28T23:09:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xm94-9jw8-p6hw/GHSA-xm94-9jw8-p6hw.json
CWE IDs: ["CWE-200", "CWE-538"]
Alternative ID: GHSA-xm94-9jw8-p6hw
Finding: F009
Auto approve: 1