CVE-2019-10303

HIGH

Jenkins Azure Publishersettings Crede... - Insufficiently Protected Credentials

Title source: rule

Description

Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/108045

[Vendor Advisory] https://jenkins.io/security/advisory/2019-04-17/#SECURITY-844

Scores

CVSS v3 8.8

EPSS 0.0007

EPSS Percentile 20.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (2)

jenkins/azure_publishersettings_credentials < 1.2

org.jenkins-ci.plugins/azure-publishersettings-credentials < 1.5Maven

Timeline

Published Apr 18, 2019

Tracked Since Feb 18, 2026