| CVE ID | CVE-2019-10433 |
| CVSS SCORE | 5.3, AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| AFFECTED VENDORS | Jenkins |
| AFFECTED PRODUCTS | dingding-notifications |
| VULNERABILITY DETAILS | This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins. Authentication is required to exploit this vulnerability. The specific flaw exists within the dingding-notifications plugin. The issue results from storing credentials in plaintext. An attacker can leverage this vulnerability to execute code in the context of the build process. |
| ADDITIONAL DETAILS | Jenkins has issued an update to correct this vulnerability. More details can be found at: https://jenkins.io/security/advisory/2019-10-01/ |
| DISCLOSURE TIMELINE |
|
| CREDIT | David Fiser (Trend Micro Team Nebula) |