CVE-2019-10467

Description

Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Risk Information

Base Score

6.5

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

Exploitation Probability

0.047

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2019-10467 are fixed in Jenkins - sonar-gerrit 2.4.5	Windows
Vulnerabilities CVE-2019-10467 are fixed in Jenkins - sonar-gerrit for Linux 2.4.5	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234