CVE-2019-1010241
MEDIUMJenkins Credentials Binding Plugin 1.17 - Info Disclosure
Title source: llmDescription
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job.
Scores
CVSS v3
6.5
EPSS
0.0020
EPSS Percentile
41.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Classification
CWE
CWE-522
CWE-257
Status
published
Affected Products (2)
jenkins/credentials_binding
org.jenkins-ci.plugins/credentials-binding
Maven
Timeline
Published
Jul 19, 2019
Tracked Since
Feb 18, 2026