Jenkins Dingding[??] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2019/10/01/2 | Mailing List Third Party Advisory |
https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1423 | Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-19-862/ | Third Party Advisory VDB Entry |
Configurations
History
25 Oct 2023, 18:16
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-312 |
22 Apr 2022, 19:56
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-19-862/ - Third Party Advisory, VDB Entry |
12 May 2021, 20:43
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-256 |
Information
Published : 2019-10-01 14:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-10433
Mitre link : CVE-2019-10433
CVE.ORG link : CVE-2019-10433
JSON object : View
Products Affected
jenkins
- dingding
CWE
CWE-312
Cleartext Storage of Sensitive Information