VDB
CVE-2019-10398
CVE-2019-10398
PUBLISHED
CVSS 5.5 MEDIUM
Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
EPSS 0.01% · 1.5th percentile
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.01%
1.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.jenkins-ci.plugins:beaker-builder | 0 |
| Jenkins project | Jenkins Beaker Builder Plugin | * |
| jenkins | beaker_builder | 0 |
Exploit Intelligence
Timeline
- Sep 12, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- [oss-security] 20190912 Multiple vulnerabilities in Jenkins plugins mailing-list
- https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1545 url
- https://nvd.nist.gov/vuln/detail/CVE-2019-10398 advisory
- https://github.com/jenkinsci/beaker-builder-plugin/commit/be0101f3541a5d2c28cf226c8b2e55cd4cfc94da url