CVE-2019-10452 – org.jenkins-ci.plugins:view26
Package
Manager: maven
Name: org.jenkins-ci.plugins:view26
Vulnerable Version: >=0 <=1.0.7
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00023 (percentile: 0.04466)
Details
Jenkins View26 Test-Reporting Plugin stores access token in plain text
Jenkins View26 Test-Reporting Plugin stores an access token unencrypted in job `config.xml` files on the Jenkins controller. This token can be viewed by users with Extended Read permission or access to the Jenkins controller file system. As of publication of this advisory there is no fix.
Metadata
Created: 2022-05-24T16:58:50Z
Modified: 2023-10-26T23:07:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5rc5-4c5c-4cwx/GHSA-5rc5-4c5c-4cwx.json
CWE IDs: ["CWE-312"]
Alternative ID: GHSA-5rc5-4c5c-4cwx
Finding: F020
Auto approve: 1