CVE-2019-10425 Vulnerability in maven package org.jvnet.hudson.plugins:gcal

Description

Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/09/25/3

https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1572

Related Vulnerabilities

CVE-2019-20503 Vulnerability in npm package electron

CVE-2022-36889 Vulnerability in maven package org.jenkins-ci.plugins:deployer-framework

CVE-2020-27216 Vulnerability in maven package org.mortbay.jetty:jetty

CVE-2019-10314 Vulnerability in maven package org.jenkins-ci.plugins:koji

CVE-2020-11976 Vulnerability in maven package org.apache.wicket:wicket-core

Severity

High

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N