{"id":"CVE-2019-10449","details":"Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.","aliases":["GHSA-hhhh-69qp-5p2v"],"modified":"2026-04-10T04:13:51.395134Z","published":"2019-10-16T14:15:12.887Z","references":[{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1433"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/fortify-on-demand-uploader-plugin","events":[{"introduced":"0"},{"last_affected":"3be14ed0c9b9a219fe3d97bf03cb4ded12bee26d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.0.0"}]}}],"versions":["2.0","fortify-on-demand-uploader-1.0","fortify-on-demand-uploader-1.01","fortify-on-demand-uploader-1.02","fortify-on-demand-uploader-1.03","fortify-on-demand-uploader-1.04","fortify-on-demand-uploader-1.05","fortify-on-demand-uploader-1.06","fortify-on-demand-uploader-1.07","fortify-on-demand-uploader-1.08","fortify-on-demand-uploader-1.09","fortify-on-demand-uploader-1.10","fortify-on-demand-uploader-2.0.3","fortify-on-demand-uploader-2.0.4","fortify-on-demand-uploader-2.0.5","fortify-on-demand-uploader-2.0.6","fortify-on-demand-uploader-2.0.7","fortify-on-demand-uploader-2.0.8","fortify-on-demand-uploader-2.0.9","fortify-on-demand-uploader-3.0.0","fortify-on-demand-uploader-3.0.1","fortify-on-demand-uploader-3.0.10","fortify-on-demand-uploader-3.0.11","fortify-on-demand-uploader-3.0.12","fortify-on-demand-uploader-3.0.2","fortify-on-demand-uploader-3.0.3","fortify-on-demand-uploader-3.0.4","fortify-on-demand-uploader-3.0.5","fortify-on-demand-uploader-3.0.6","fortify-on-demand-uploader-3.0.7","fortify-on-demand-uploader-3.0.8","fortify-on-demand-uploader-3.0.9","fortify-on-demand-uploader-4.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10449.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}