{"api_version":"1","generated_at":"2026-06-15T05:31:00+00:00","cve":"CVE-2019-10450","urls":{"html":"https://cve.report/CVE-2019-10450","api":"https://cve.report/api/cve/CVE-2019-10450.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-10450","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-10450"},"summary":{"title":"CVE-2019-10450","description":"Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.","state":"PUBLIC","assigner":"jenkinsci-cert@googlegroups.com","published_at":"2019-10-16 14:15:00","updated_at":"2023-10-25 18:16:00"},"problem_types":["CWE-312"],"metrics":[],"references":[{"url":"https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1434","name":"https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1434","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Jenkins Security Advisory 2019-10-16","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-10450","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10450","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"10450","vulnerable":"1","versionEndIncluding":"5.0.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"jenkins","cpe5":"elasticbox_ci","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"jenkins","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2019-10450","ASSIGNER":"jenkinsci-cert@googlegroups.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Jenkins project","product":{"product_data":[{"product_name":"Jenkins ElasticBox CI Plugin","version":{"version_data":[{"version_affected":"=","version_value":"5.0.1 and earlier"}]}}]}}]}},"references":{"reference_data":[{"url":"https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1434","refsource":"MISC","name":"https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1434"}]}},"nvd":{"publishedDate":"2019-10-16 14:15:00","lastModifiedDate":"2023-10-25 18:16:00","problem_types":["CWE-312"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:jenkins:elasticbox_ci:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"5.0.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"10450","Ordinal":"148678","Title":"CVE-2019-10450","CVE":"CVE-2019-10450","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"10450","Ordinal":"1","NoteData":"Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"10450","Ordinal":"2","NoteData":"2019-10-16","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"10450","Ordinal":"3","NoteData":"2019-10-16","Type":"Other","Title":"Modified"}]}}}