CVE-2019-10450
First published: Wed Oct 16 2019(Updated: )
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Elasticbox Ci | <=5.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-10450?
CVE-2019-10450 is a vulnerability in Jenkins ElasticBox CI Plugin that allows credentials to be stored unencrypted in the global config.xml configuration file, making them accessible to users with access to the Jenkins master file system.
How severe is CVE-2019-10450?
CVE-2019-10450 has a severity rating of 3.3, which is considered low.
How can I fix CVE-2019-10450?
To fix CVE-2019-10450, upgrade to Jenkins ElasticBox CI Plugin version 5.0.2 or later, as recommended by the Jenkins security advisory.
- collector/nvd-index
- collector/nvd-api
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/jenkins
- canonical/jenkins elasticbox ci
- version/jenkins elasticbox ci/5.0.1