Vulnerability Details CVE-2019-10361
Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.0%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
- http://www.openwall.com/lists/oss-security/2019/07/31/1
- https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1435
- https://www.zerodayinitiative.com/advisories/ZDI-19-835/
- http://www.openwall.com/lists/oss-security/2019/07/31/1
- https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1435
- https://www.zerodayinitiative.com/advisories/ZDI-19-835/
Products affected by CVE-2019-10361
-
cpe:2.3:a:jenkins:m2release:-
-
cpe:2.3:a:jenkins:m2release:0.1.0
-
cpe:2.3:a:jenkins:m2release:0.10.0
-
cpe:2.3:a:jenkins:m2release:0.11.0
-
cpe:2.3:a:jenkins:m2release:0.12.0
-
cpe:2.3:a:jenkins:m2release:0.13.0
-
cpe:2.3:a:jenkins:m2release:0.14.0
-
cpe:2.3:a:jenkins:m2release:0.2.0
-
cpe:2.3:a:jenkins:m2release:0.3.0
-
cpe:2.3:a:jenkins:m2release:0.3.1
-
cpe:2.3:a:jenkins:m2release:0.3.2
-
cpe:2.3:a:jenkins:m2release:0.3.3
-
cpe:2.3:a:jenkins:m2release:0.3.4
-
cpe:2.3:a:jenkins:m2release:0.4.0
-
cpe:2.3:a:jenkins:m2release:0.5.0
-
cpe:2.3:a:jenkins:m2release:0.5.1
-
cpe:2.3:a:jenkins:m2release:0.5.2
-
cpe:2.3:a:jenkins:m2release:0.5.3
-
cpe:2.3:a:jenkins:m2release:0.6.0
-
cpe:2.3:a:jenkins:m2release:0.6.1
-
cpe:2.3:a:jenkins:m2release:0.7.0
-
cpe:2.3:a:jenkins:m2release:0.7.1
-
cpe:2.3:a:jenkins:m2release:0.8.0
-
cpe:2.3:a:jenkins:m2release:0.8.1
-
cpe:2.3:a:jenkins:m2release:0.9.0
-
cpe:2.3:a:jenkins:m2release:0.9.1