CVE-2019-10433

Jenkins Dingding[??] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:dingding:*:*:*:*:*:jenkins:*:*

History

25 Oct 2023, 18:16

Type Values Removed Values Added
CWE CWE-256 CWE-312

22 Apr 2022, 19:56

Type Values Removed Values Added
References (MISC) https://www.zerodayinitiative.com/advisories/ZDI-19-862/ - (MISC) https://www.zerodayinitiative.com/advisories/ZDI-19-862/ - Third Party Advisory, VDB Entry

12 May 2021, 20:43

Type Values Removed Values Added
CWE CWE-312 CWE-256

Information

Published : 2019-10-01 14:15

Updated : 2023-12-10 13:13


NVD link : CVE-2019-10433

Mitre link : CVE-2019-10433

CVE.ORG link : CVE-2019-10433


JSON object : View

Products Affected

jenkins

  • dingding
CWE
CWE-312

Cleartext Storage of Sensitive Information