Main Vulnerability Database Vulnerabilities #VU21525

Cleartext transmission of sensitive information in LDAP Email - CVE-2019-10434

Published: October 3, 2019

Vulnerability identifier: #VU21525

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-10434

CWE-ID: CWE-319

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Jenkins

Affected software:
LDAP Email

Detailed vulnerability description

The vulnerability allows a remote attacker to view a password on the target system.

The vulnerability exists due to the affected software stores an LDAP bind password in its global Jenkins configuration. While the password is stored encrypted on disk, it is transmitted in plain text as part of the configuration form. A remote attacker with ability to intercept network traffic can obtain the password.

How to mitigate CVE-2019-10434

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Cleartext transmission of sensitive information in LDAP Email - CVE-2019-10434

Detailed vulnerability description

How to mitigate CVE-2019-10434

Sources

Please verify you're human