Main Vulnerability Database Vulnerabilities #VU21126

#VU21126 Cleartext storage of sensitive information in Beaker builder - CVE-2019-10398

Published: September 16, 2019

Vulnerability identifier: #VU21126

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-10398

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Beaker builder

Software vendor:
Jenkins

Description

The vulnerability allows a local user to view the password on the target system.

The vulnerability exists due to the affected software stores credentials without encryption in its global configuration file on the Jenkins master. A local authenticated user with access to the master file system can obtain credentials.

Remediation

Install updates from vendor's website.

External links

http://www.openwall.com/lists/oss-security/2019/09/12/2
https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1545

#VU21126 Cleartext storage of sensitive information in Beaker builder - CVE-2019-10398

Description

Remediation

External links

Please verify you're human