Vulnerabilities > CVE-2019-1010241 - Credentials Management vulnerability in Jenkins Credentials Binding 1.17

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

jenkins

CWE-255

NVD

Published: 2019-07-19

Updated: 2019-10-30

Summary

Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Credentials Binding 1.17	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www.securityfocus.com/bid/109320
https://docs.google.com/document/d/1MBEoJSMvkjp5Kua0bRD_kiDBisL0fOCwTL9uMWj4lGA/edit?usp=sharing