Skip to content

Jenkins LDAP Email Plugin shows plain text password in configuration form

Low severity GitHub Reviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Jan 28, 2023

Package

maven com.mtvi.plateng.hudson:ldapemail (Maven)

Affected versions

<= 0.8

Patched versions

None

Description

Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

References

Published by the National Vulnerability Database Oct 1, 2019
Published to the GitHub Advisory Database May 24, 2022
Reviewed Jan 28, 2023
Last updated Jan 28, 2023

Severity

Low

EPSS score

0.178%
(55th percentile)

Weaknesses

CVE ID

CVE-2019-10434

GHSA ID

GHSA-53jw-4gwh-m8cm

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.