CVE-2019-10313 – org.jenkins-ci.plugins:twitter
Package
Manager: maven
Name: org.jenkins-ci.plugins:twitter
Vulnerable Version: >=0 <=0.7
Severity
Level: Low
CVSS v3.1: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0008 (percentile: 0.24394)
Details
Jenkins Twitter Plugin stores credentials in plain text
Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no fix.
Metadata
Created: 2022-05-24T16:44:55Z
Modified: 2023-10-26T21:47:33Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x2cx-h7w4-q6x7/GHSA-x2cx-h7w4-q6x7.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-x2cx-h7w4-q6x7
Finding: F035
Auto approve: 1