CVE-2019-10450
Description
Plaintext storage of credentials in Jenkins ElasticBox CI Plugin allows local file system users to obtain stored secrets.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Plaintext storage of credentials in Jenkins ElasticBox CI Plugin allows local file system users to obtain stored secrets.
The Jenkins ElasticBox CI Plugin stores credentials as plaintext (unencrypted) in the config.xml file on the Jenkins master file system [1]. This storage flaw violates the principle of encrypting credentials at rest and exposes secrets to anyone who can read the configuration file.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.elasticbox.jenkins-ci.plugins:elasticboxMaven | <= 5.0.1 | — |
Affected products
2- Range: 5.0.1 and earlier
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-r9xc-54cq-99r7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-10450ghsaADVISORY
- jenkins.io/security/advisory/2019-10-16/ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.