CVE-2019-10452
Jenkins View26 Test-Reporting Plugin stores access token in plain text
4.3
MEDIUM
CVSS 3.1
EPSS 0.02%
Description
Jenkins View26 Test-Reporting Plugin stores an access token unencrypted in job `config.xml` files on the Jenkins controller. This token can be viewed by users with Extended Read permission or access to the Jenkins controller file system. As of publication of this advisory there is no fix.
How to fix CVE-2019-10452
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- —no fix listed
Is CVE-2019-10452 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, <= 1.0.7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |