CVE-2019-10412

HIGH

Jenkins Inedo ProGet Plugin < 1.2 - Cleartext Transmission of Sensitive Information

Title source: llm

Description

Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1514

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/09/25/3

Scores

CVSS v3 7.5

EPSS 0.0005

EPSS Percentile 15.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-319

Status published

Products (2)

com.inedo.proget/inedo-proget 0 - 1.3Maven

jenkins/inedo_proget < 1.2

Published Sep 25, 2019

Tracked Since Feb 18, 2026