Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system.

Affected Packages

Maven javagh.jenkins:mashup-portlets-plugin

Affected versions: 0 (fixed in 1.1.0)

Related CVEs

CVE-2019-10347

Key Information

GHSA ID

GHSA-9p5v-6p5f-f28h

Published

May 24, 2022 4:50 PM

Last Modified

December 14, 2023 3:44 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

javagh.jenkins:mashup-portlets-plugin

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.