6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.7%
Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
www.openwall.com/lists/oss-security/2019/09/25/3
github.com/jenkinsci/gitlab-logo-plugin
github.com/jenkinsci/gitlab-logo-plugin/commit/1a64595353df91b5fcf2d9336fa627e06ef1f8a9
jenkins.io/security/advisory/2019-09-25/#SECURITY-1575
nvd.nist.gov/vuln/detail/CVE-2019-10429