CVE-2019-10414

MEDIUM

Jenkins Git Changelog < 2.17 - Insufficiently Protected Credentials

Title source: rule

Description

Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

References (2)

Scores

CVSS v3 6.5
EPSS 0.0005
EPSS Percentile 14.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-522
Status published

Affected Products (2)

jenkins/git_changelog < 2.17
de.wellnerbou.jenkins/git-changelog < 2.18Maven

Timeline

Published Sep 25, 2019
Tracked Since Feb 18, 2026