vulnerability

Jenkins Advisory 2019-08-28: CVE-2019-10391: Deprecated: IBM AppScan Plugin showed plain text password in job configuration form fields

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

Aug 28, 2019

Added

Sep 29, 2023

Modified

Mar 27, 2026

Description

Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.

Solutions

jenkins-lts-upgrade-2_176_3jenkins-upgrade-2_192

References

CVE-2019-10391
https://attackerkb.com/topics/CVE-2019-10391
CWE-319
EUVD-EUVD-2022-2719
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-2719
https://jenkins.io/security/advisory/2019-08-28/

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report