Jenkins Dynatrace Application Monitoring Plugin prior to 2.1.4 stores credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

##NOTE: This plugin is marked as DEPRECATED

Affected Packages

Maven org.jenkins-ci.plugins:dynatrace-dashboard

Affected versions: 0 (fixed in 2.1.4)

Related CVEs

CVE-2019-10461

Key Information

GHSA ID

GHSA-6xw9-qq9h-cr68

Published

May 24, 2022 4:59 PM

Last Modified

December 6, 2022 9:44 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:dynatrace-dashboard

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.