CVE-2019-10453

HIGH

Jenkins Delphix Plugin < 2.0.4 - Cleartext Storage of Sensitive Information in Global Configuration

Title source: llm
STIX 2.1

Description

Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

References (2)

Core 2
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/10/16/6

Scores

CVSS v3 7.8
EPSS 0.0027
EPSS Percentile 18.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-312
Status published
Products (2)
jenkins/delphix < 2.0.4
org.jenkins-ci.plugins/delphix 0Maven
Published Oct 16, 2019
Tracked Since Feb 18, 2026