7.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2019-10453

GHSA ID

GHSA-4p59-p85x-f3wx

EPSS Score

0.01604%

CWE

CWE-312

Published

5/24/2022

Updated

1/31/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2019-10453

CVE-2019-10453: Jenkins Delphix Plugin vulnerable to Cleartext credential storage

Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

(GitHub Advisory)

7.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2019-10453

GHSA ID

GHSA-4p59-p85x-f3wx

EPSS Score

0.01604%

CWE

CWE-312

Published

5/24/2022

Updated

1/31/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:delphix	maven	<= 2.0.4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability explicitly states that credentials are stored unencrypted in the global configuration file (io.jenkins.plugins.delphix.GlobalConfiguration.xml). In Jenkins plugin architecture, the GlobalConfiguration class typically handles global settings persistence. The configure() method in such classes is responsible for saving configuration data, including credentials, to disk. The lack of encryption in storage implies this method does not apply cryptographic protections. Additionally, job configuration files (config.xml) may inherit credentials via descriptor classes, which could explain the medium-confidence entry. The exact function names are inferred from standard Jenkins plugin patterns since no patch or code diffs are available.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins **lp*ix Plu*in stor*s *r***nti*ls un*n*rypt** in its *lo**l *on*i*ur*tion *il* on t** J*nkins m*st*r w**r* t**y **n ** vi*w** *y us*rs wit* ****ss to t** m*st*r *il* syst*m.

Reasoning

T** vuln*r**ility *xpli*itly st*t*s t**t *r***nti*ls *r* stor** un*n*rypt** in t** *lo**l *on*i*ur*tion *il* (`io.j*nkins.plu*ins.**lp*ix.*lo**l*on*i*ur*tion.xml`). In J*nkins plu*in *r**it**tur*, t** `*lo**l*on*i*ur*tion` *l*ss typi**lly **n*l*s *lo

7.8

Basic Information

Concerned about an active attack path?

CVE-2019-10453: Jenkins Delphix Plugin vulnerable to Cleartext credential storage

7.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI