ZDI-19-932: Jenkins NeoLoad Cleartext Storage of Credentials Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins NeoLoad. Authentication is required to exploit this vulnerability. The specific flaw exists within the NeoLoad plugin. The issue results from storing credentials in plaintext. An attacker can leverage this vulnerability to execute code in the context of the build process.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Nerrvana |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-19-932?
The severity of ZDI-19-932 is considered moderate due to the requirement of authentication for exploitation.
How do I fix ZDI-19-932?
To fix ZDI-19-932, ensure that you do not store credentials in plain text and update the NeoLoad plugin to the latest version.
Who is affected by ZDI-19-932?
ZDI-19-932 affects installations of the Jenkins NeoLoad plugin.
What type of information can be disclosed by ZDI-19-932?
ZDI-19-932 allows local attackers to disclose sensitive credentials stored by the NeoLoad plugin.
Is authentication required to exploit ZDI-19-932?
Yes, authentication is required to exploit the vulnerability identified as ZDI-19-932.
- agent/type
- agent/references
- agent/severity
- agent/title
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-19-932
- alias/ZDI-CAN-8873
- alias/CVE-2019-10440
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/jenkins
- canonical/jenkins nerrvana