Jenkins - Sonar Gerrit CVE

Filtered by vendor Jenkins Subscribe

Filtered by product Sonar Gerrit

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-10467	1 Jenkins	1 Sonar Gerrit	2019-10-24	4.0 MEDIUM	6.5 MEDIUM
Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Vulnerabilities (CVE)