CVE-2019-10370
First published: Wed Aug 07 2019(Updated: )
Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Mask Passwords | <=2.12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-10370?
CVE-2019-10370 is a vulnerability in Jenkins Mask Passwords Plugin 2.12.0 and earlier that transmits globally configured passwords as plain text, potentially exposing them.
What is the severity of CVE-2019-10370?
The severity of CVE-2019-10370 is medium with a severity value of 6.5 (out of 10).
How does CVE-2019-10370 affect Jenkins Mask Passwords Plugin?
CVE-2019-10370 affects Jenkins Mask Passwords Plugin 2.12.0 and earlier by transmitting globally configured passwords in plain text, potentially exposing them.
How can I fix CVE-2019-10370 in Jenkins Mask Passwords Plugin?
To fix CVE-2019-10370 in Jenkins Mask Passwords Plugin, update to a version newer than 2.12.0.
Is there any additional information about CVE-2019-10370?
Yes, you can find additional information about CVE-2019-10370 at the following references: http://www.openwall.com/lists/oss-security/2019/08/07/1 and https://jenkins.io/security/advisory/2019-08-07/#SECURITY-157.
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- vendor/jenkins
- canonical/jenkins mask passwords
- version/jenkins mask passwords/2.12.0