← Retour aux CVEs

CVE-2019-10440

HIGH

8.8

Description

Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

Details CVE

Score CVSS v3.18.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie10/16/2019

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

jenkins:neoload

Faiblesses (CWE)

CWE-312

References

http://www.openwall.com/lists/oss-security/2019/10/16/6(jenkinsci-cert@googlegroups.com)

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1427(jenkinsci-cert@googlegroups.com)

https://www.zerodayinitiative.com/advisories/ZDI-19-932/(jenkinsci-cert@googlegroups.com)

http://www.openwall.com/lists/oss-security/2019/10/16/6(af854a3a-2127-422b-91ae-364da2661108)

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1427(af854a3a-2127-422b-91ae-364da2661108)

https://www.zerodayinitiative.com/advisories/ZDI-19-932/(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.