CVE-2019-10461 – org.jenkins-ci.plugins:dynatrace-dashboard

Package

Manager: maven
Name: org.jenkins-ci.plugins:dynatrace-dashboard
Vulnerable Version: >=0 <2.1.4

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00012 pctl0.01096

Details

Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials Jenkins Dynatrace Application Monitoring Plugin prior to 2.1.4 stores credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. ##NOTE: This plugin is marked as DEPRECATED

Metadata

Created: 2022-05-24T16:59:38Z
Modified: 2022-12-06T21:44:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6xw9-qq9h-cr68/GHSA-6xw9-qq9h-cr68.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-6xw9-qq9h-cr68
Finding: F035
Auto approve: 1