Main Vulnerability Database SB2019091604

SB2019091604 - Information disclosure in Beaker builder plugin for Jenkins

Published: September 16, 2019

Security Bulletin ID SB2019091604

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cleartext storage of sensitive information (CVE-ID: CVE-2019-10398)

The vulnerability allows a local user to view the password on the target system.

The vulnerability exists due to the affected software stores credentials without encryption in its global configuration file on the Jenkins master. A local authenticated user with access to the master file system can obtain credentials.

Remediation

Install update from vendor's website.

References

http://www.openwall.com/lists/oss-security/2019/09/12/2
https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1545