CVE-2019-16542 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-16542 Interim 1 6 2025-02-17T01:55:24Z current 2021-05-30T14:31:51Z 2025-02-17T01:55:24Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-16542 Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. CVE-2019-16542 moderate 4 AV:N/AC:L/Au:S/C:P/I:N/A:N 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N