CVE-2019-10461
First published: Wed Oct 23 2019(Updated: )
Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Dynatrace Application Monitoring | <=2.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-10461?
The severity of CVE-2019-10461 is considered high due to exposed stored credentials.
How do I fix CVE-2019-10461?
To fix CVE-2019-10461, upgrade the Dynatrace Application Monitoring Plugin to version 2.1.4 or later.
What type of vulnerability is CVE-2019-10461?
CVE-2019-10461 is a stored credential vulnerability affecting Jenkins Dynatrace Application Monitoring Plugin.
Who is affected by CVE-2019-10461?
Users of Jenkins with Dynatrace Application Monitoring Plugin version 2.1.3 and earlier are affected by CVE-2019-10461.
What is the impact of CVE-2019-10461?
The impact of CVE-2019-10461 is that unauthorized users can view unencrypted credentials stored in the global configuration file.
- collector/nvd-index
- collector/nvd-api
- agent/references
- agent/author
- agent/type
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/jenkins
- canonical/jenkins dynatrace application monitoring
- version/jenkins dynatrace application monitoring/2.1.3