CVE-2019-10435

EUVD-2022-4430
Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
jenkinssourcegear_vault
𝑥
≤ 1.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2019/10/01/2
https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1524
http://www.openwall.com/lists/oss-security/2019/10/01/2
https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1524