CVE-2019-1003073

HIGH

Jenkins VS Team Services CD Plugin - Info Disclosure

Title source: llm

Description

Jenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/107790

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/04/12/2

Vendor Advisory x_refsource_confirm

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-962

Scores

CVSS v3 8.8

EPSS 0.0137

EPSS Percentile 68.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-311

Status published

Products (2)

jenkins/vs_team_services_continuous_deployment

org.jenkins-ci.plugins/vsts-cd 0Maven

Published Apr 04, 2019

Tracked Since Feb 18, 2026