Vulnerability Description
CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloudbees | Jenkins Operations Center | 2.150.2.3 |
Related Weaknesses (CWE)
References
- https://github.com/binary1985/VulnerabilityDisclosure/blob/master/CloudBees%20Je
- https://raw.githubusercontent.com/binary1985/VulnerabilityDisclosure/master/ClouThird Party Advisory
- https://release-notes.cloudbees.com/release/21/8.18
- https://github.com/binary1985/VulnerabilityDisclosure/blob/master/CloudBees%20Je
- https://raw.githubusercontent.com/binary1985/VulnerabilityDisclosure/master/ClouThird Party Advisory
- https://release-notes.cloudbees.com/release/21/8.18
FAQ
What is CVE-2019-11350?
CVE-2019-11350 is a vulnerability with a CVSS score of 9.8 (CRITICAL). CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page.
How severe is CVE-2019-11350?
CVE-2019-11350 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-11350?
Check the references section above for vendor advisories and patch information. Affected products include: Cloudbees Jenkins Operations Center.