CVE-2019-10320

MEDIUM

Jenkins Credentials Plugin <2.1.18 - Info Disclosure

Title source: llm
STIX 2.1

Description

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.

References (7)

Scores

CVSS v3 4.3
EPSS 0.0011
EPSS Percentile 29.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-538
Status published
Products (2)
jenkins/credentials < 2.1.18
org.jenkins-ci.plugins/credentials 0 - 2.1.19Maven
Published May 21, 2019
Tracked Since Feb 18, 2026