CVE-2019-10426
First published: Wed Sep 25 2019(Updated: )
Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Credit: jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins | <=1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-10426?
CVE-2019-10426 is classified as a medium severity vulnerability due to the exposure of unencrypted credentials.
How do I fix CVE-2019-10426?
To fix CVE-2019-10426, upgrade the Jenkins Gem Publisher Plugin to version 1.0 or later.
What versions of the Jenkins Gem Publisher Plugin are affected by CVE-2019-10426?
CVE-2019-10426 affects all versions of the Jenkins Gem Publisher Plugin prior to version 1.0.
What type of data is exposed in CVE-2019-10426?
CVE-2019-10426 exposes credentials stored unencrypted in the global configuration file.
Who is at risk due to CVE-2019-10426?
Users with access to the Jenkins master file system are at risk of viewing the exposed credentials due to CVE-2019-10426.
- agent/references
- agent/author
- agent/type
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/jenkins
- canonical/jenkins
- version/jenkins/1.0