CVE-2019-10443 – org.jenkins-ci.plugins:icescrum

Package

Manager: maven
Name: org.jenkins-ci.plugins:icescrum
Vulnerable Version: >=0 <1.1.5

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00118 pctl0.31382

Details

Jenkins iceScrum Plugin stores credentials in Cleartext Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

Metadata

Created: 2022-05-24T16:58:49Z
Modified: 2022-12-06T21:51:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-362p-56c9-q273/GHSA-362p-56c9-q273.json
CWE IDs: ["CWE-312"]
Alternative ID: GHSA-362p-56c9-q273
Finding: F020
Auto approve: 1