Unencrypted Credential Storage in Jenkins Azure PublisherSettings Plugin
CVE-2019-10303
8.8HIGH
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 18 April 2019
What is CVE-2019-10303?
The Jenkins Azure PublisherSettings Credentials Plugin versions up to 1.2 are affected by a vulnerability that allows sensitive credentials to be stored in an unencrypted format within the credentials.xml file on the Jenkins master server. This exposes the credentials to any user with access to the file system on the Jenkins master, potentially leading to unauthorized access or abuses of the stored credentials. Ensuring proper encryption and access control is critical to maintaining the security of sensitive data within Jenkins environments.
Affected Version(s)
Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier