CVE-2019-10347: Insufficiently Protected Credentials

May 24, 2022 (updated December 14, 2023)

Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system.

References

www.openwall.com/lists/oss-security/2019/07/11/4
www.securityfocus.com/bid/109156
github.com/advisories/GHSA-9p5v-6p5f-f28h
github.com/jenkinsci/mashup-portlets-plugin/commit/05eb9bfd5c758c8c477ce6bd4315fd65d83e9a0a
jenkins.io/security/advisory/2019-07-11/
nvd.nist.gov/vuln/detail/CVE-2019-10347

Detect and mitigate CVE-2019-10347 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →