CVE-2019-10430
Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text
5.5
MEDIUM
CVSS 3.1
EPSS 0.01%
Description
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
How to fix CVE-2019-10430
To remediate CVE-2019-10430, upgrade the affected package to a fixed version below.
- —upgrade to 1.6 or later
Is CVE-2019-10430 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |