6.7 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.2%
Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
config.xml
www.openwall.com/lists/oss-security/2019/04/12/2
github.com/jenkinsci/deployhub-plugin
github.com/jenkinsci/deployhub-plugin/commit/6ad56362087f6d34c3532a0962a881cd8a822394
jenkins.io/security/advisory/2019-04-03/#SECURITY-959
nvd.nist.gov/vuln/detail/CVE-2019-10286