CVE-2019-10302

HIGH

Jenkins Jira-ext < 0.8 - Insufficiently Protected Credentials

Title source: rule

Description

Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/108045

[Vendor Advisory] https://jenkins.io/security/advisory/2019-04-17/#SECURITY-836

Scores

CVSS v3 8.8

EPSS 0.0007

EPSS Percentile 20.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (2)

jenkins/jira-ext < 0.8

org.jenkins-ci.plugins/jira-ext < 0.9Maven

Timeline

Published Apr 18, 2019

Tracked Since Feb 18, 2026