CVE-2019-10329 – org.jenkins-ci.plugins:influxdb

Package

Manager: maven
Name: org.jenkins-ci.plugins:influxdb
Vulnerable Version: >=0 <1.22

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00311 pctl0.53628

Details

Plaintext password storage in Jenkins InfluxDB Plugin Jenkins InfluxDB Plugin Prior to 1.22 stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Metadata

Created: 2022-05-24T22:00:03Z
Modified: 2023-10-26T16:15:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rv97-r8f7-8wmg/GHSA-rv97-r8f7-8wmg.json
CWE IDs: ["CWE-256", "CWE-522"]
Alternative ID: GHSA-rv97-r8f7-8wmg
Finding: F020
Auto approve: 1