CVE-2019-10425 Vulnerability in maven package org.jvnet.hudson.plugins:gcal

Description

Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/09/25/3

https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1572

Related Vulnerabilities

CVE-2022-25901 Vulnerability in maven package org.webjars.npm:cookiejar

CVE-2020-7602 Vulnerability in npm package node-prompt-here

CVE-2022-36903 Vulnerability in maven package org.jenkins-ci.plugins:repository-connector

CVE-2019-10420 Vulnerability in maven package org.jenkins-ci.plugins:assembla

CVE-2020-2256 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-maven-parent

Severity

High

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N