CVE-2019-10476 – org.jenkins-ci.plugins:zulip

Package

Manager: maven
Name: org.jenkins-ci.plugins:zulip
Vulnerable Version: >=0 <1.1.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00012 pctl0.01096

Details

Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials Jenkins Zulip Plugin prior to 1.1.1 stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

Metadata

Created: 2022-05-24T16:59:38Z
Modified: 2022-12-06T21:43:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hfjr-m75m-wmh7/GHSA-hfjr-m75m-wmh7.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-hfjr-m75m-wmh7
Finding: F035
Auto approve: 1