Skip to main content

Zulip CVE-2019-10476

HIGH
Insufficiently Protected Credentials (CWE-522)
2019-10-23 jenkinsci-cert@googlegroups.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 23, 2019 - 13:15 nvd
HIGH 7.8

DescriptionNVD

Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

AnalysisAI

Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Insufficiently Protected Credentials (CWE-522), which allows attackers to obtain user credentials due to weak protection mechanisms. Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. Affected products include: Jenkins Zulip.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Hash passwords with strong algorithms (bcrypt, argon2), encrypt credentials in transit and at rest, never log credentials.

More in Zulip

View all
CVE-2021-41115 MEDIUM POC
6.5 Oct 07

Zulip is an open source team chat server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable,

CVE-2022-31168 HIGH
8.8 Jul 22

Zulip is an open source team chat tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low

CVE-2022-24751 HIGH
7.4 Mar 16

Zulip is an open source group chat application. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitab

CVE-2026-26058 MEDIUM
6.1 Apr 03

Path traversal in Zulip's ./manage.py import function allows local attackers to read arbitrary files from the server fil

CVE-2026-40300 MEDIUM
6.0 May 12

Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to "move

CVE-2022-35962 MEDIUM
5.7 Aug 29

Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. Rated medium severity (CVSS 5.7)

CVE-2024-36624 MEDIUM
5.4 Nov 29

Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js. Rated me

CVE-2024-36625 MEDIUM
5.4 Nov 29

Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui_util.ts. Rated medi

CVE-2026-25742 MEDIUM
5.3 Apr 03

Zulip versions 1.4.0 through 11.5 allow unauthenticated retrieval of attachments and topic history from web-public strea

CVE-2021-43791 MEDIUM
5.3 Dec 02

Zulip is an open source group chat application that combines real-time chat with threaded conversations. Rated medium se

CVE-2022-36048 MEDIUM
4.3 Aug 31

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Rated medium se

CVE-2023-28623 LOW
3.7 May 19

Zulip is an open-source team collaboration tool with unique topic-based threading. Rated low severity (CVSS 3.7), this v

Share

CVE-2019-10476 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy