CVE-2019-10421

📊 4.3 MEDIUM⚡ 0.1%🎯 0 exploits

📅 Published Sep 25, 2019

📋 Status: Modified

Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

CVSS v3.1 • NVD

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	jenkins	azure event grid notifier	≤ 0.1 Target SW: jenkins	Vulnerable	cpe:2.3:a:jenkins:azure_event_grid_notifier::::::jenkins::*

📱

jenkins / azure event grid notifier

Application

Vulnerable

Version: ≤ 0.1

Target SW: jenkins

CPE:

cpe:2.3:a:jenkins:azure_event_grid_notifier:*:*:*:*:*:jenkins:*:*

Metrics

4.3 MEDIUMCVSS v3.1[email protected]

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector:

NETWORK

Complexity:

LOW

Privileges:

LOW

User Interaction:

NONE

Confidentiality:

LOW

Integrity:

NONE

Availability:

NONE

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Modified

CVSS Details

4.3 (MEDIUM)v3.1

Source: [email protected]

EPSS Details

0.1% (Minimal)17.6th percentile

Last updated: Oct 31, 2025

Exploitation probability within 30 days

Published Date

Sep 25, 2019 (6 years ago)

Last Modified

Nov 21, 2024 (11 months ago)

Security Weaknesses1

CWE-522

References3

NVDadvisorygeneral