CVE-2019-10433

Beschreibung:
Jenkins Dingding[??] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

CWE: CWE-312

CVSS-Bewertung
CVSS 2: LOW – 2.1 (Version: 2.0)
CVSS 3: LOW – 3.3 (Version: 3.1)

Links:

NVD – CVE-2019-10433
CVE – CVE-2019-10433

Link (max. 20) Quelle Tags
https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1423 CONFIRM Vendor Advisory Vendor Advisory
[oss-security] 20191001 Multiple vulnerabilities in Jenkins plugins MLIST Mailing List Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-862/ MISC Mailing List Third Party Advisory
[hadoop-common-issues] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability MLIST Mailing List Third Party Advisory
N/A N/A Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html MISC Patch Third Party Advisory
[avro-dev] 20210415 [jira] [Created] (AVRO-3111) CVE-2019-17195 MLIST Mailing List Third Party Advisory
[avro-dev] 20210416 [jira] [Commented] (AVRO-3111) CVE-2019-17195 MLIST Mailing List Third Party Advisory
[druid-commits] 20210506 [GitHub] [druid] jihoonson commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791 MLIST
[druid-commits] 20210506 [GitHub] [druid] maytasm commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791 MLIST
[druid-commits] 20210507 [druid] branch 0.21.1 updated: Suppressing false positive CVE-2020-7791 (#11215) (#11217) MLIST

Quelle: NVD – CVE-2019-10433
Datum Veröffentlichung: 2019-10-01T14:15Z, Datum letzte Änderung: 2021-05-10T22:02Z