Lucene search
David Fiser (Trend Micro Team Nebula)ZDI-19-839HistorySep 17, 2019 - 12:00 a.m.
Jenkins testlink Cleartext Storage of Credentials Information Disclosure Vulnerability
2019-09-1700:00:00
David Fiser (Trend Micro Team Nebula)
www.zerodayinitiative.com
14
0.001 Low
EPSS
Percentile
28.4%
This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins testlink. Authentication is required to exploit this vulnerability. The specific flaw exists within the testlink plugin. The issue results from storing credentials in plaintext. An attacker can leverage this vulnerability to execute code in the context of the build process.
References
Related
osv
osv
CVE-2019-10378
2019-08-07 15:15:13
Jenkins TestLink Plugin stores credentials in plain text
2022-05-24 16:52:46
cve
cve
CVE-2019-10378
2019-08-07 15:15:13
alpinelinux
alpinelinux
CVE-2019-10378
2019-08-07 15:15:13
nvd
nvd
CVE-2019-10378
2019-08-07 15:15:13
cvelist
cvelist
CVE-2019-10378
2019-08-07 14:20:24
github
github
Jenkins TestLink Plugin stores credentials in plain text
2022-05-24 16:52:46
prion
prion
Design/Logic Flaw
2019-08-07 15:15:00