Jenkins SourceGear Vault Plugin Cleartext Transmission of Sensitive Information Vulnerability 

Summary

Jenkins SourceGear Vault Plugin suffers from information disclosure vulnerability.

 

Credit:

The information has been provided by the Vendor.

The original article can be found at http://www.openwall.com/lists/oss-security/2019/10/01/2


Details
Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.

Vulnerable Systems: 

Jenkins SourceGear Vault Plugin 

CVE Information:

CVE-2019-10435

Disclosure Timeline:

Published Date:10/01/2019