CVE-2019-10370

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Mask Passwords Plugin
Vendor: CVE Published:; 7 August 2019

Summary

Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure.

Affected Version(s)

Jenkins Mask Passwords Plugin 2.12.0 and earlier

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

mailing-listx_refsource_MLIST

https://jenkins.io/security/advisory/2019-08-07/#SECURITY...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 7, 2019
Vulnerability Reserved
Mar 29, 2019