Cleartext transmission of sensitive information in SCTMExecutor - CVE-2019-16568
Published: December 19, 2019
Vulnerability identifier: #VU23695
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-16568
CWE-ID: CWE-319
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Jenkins
Affected software:
SCTMExecutor
SCTMExecutor
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the affected software transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
How to mitigate CVE-2019-16568
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.