CVE-2019-10391
MEDIUMJenkins IBM Application Security on Cloud Plugin < 1.2.4 - Cleartext Transmission of Sensitive Information
Title source: llmDescription
Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/08/28/4
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1512
Scores
CVSS v3
6.5
EPSS
0.0006
EPSS Percentile
19.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-319
Status
published
Products (2)
com.hcl.security/ibm-application-security
0 - 1.2.5Maven
jenkins/ibm_application_security_on_cloud
< 1.2.4
Published
Aug 28, 2019
Tracked Since
Feb 18, 2026