CVE-2019-16568: Cleartext Transmission of Sensitive Information

December 17, 2019 (updated December 18, 2019)

Jenkins SCTMExecutor Plugin transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs’ configurations.

References

jenkins.io/security/advisory/2019-12-17/
nvd.nist.gov/vuln/detail/CVE-2019-16568

Code Behaviors & Features

Detect and mitigate CVE-2019-16568 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →