Home

CVE-2019-10449

Description

Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.09

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2019-10449 are fixed in Jenkins - fortify-on-demand-uploader 5.0.0Windows
Vulnerabilities CVE-2019-10449 are fixed in Jenkins - fortify-on-demand-uploader for Linux 5.0.0Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234