CVE-2019-1010241

CVE-2019-1010241

Vendor Jenkins Credentials Binding Plugin
Product Jenkins
Weakness CWE-257
Published July 19, 2019
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job.

Key dates

02Disclosure timeline

July 19, 2019 CVE published
August 5, 2024 Record updated