CVE-2019-10303

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-10303

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10303.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10303

Aliases

GHSA-rfc8-wrrf-wp3w

Published

2019-04-18T17:29:00Z

Modified

2025-01-14T07:04:14.528770Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system.

References

Affected packages

Git / github.com/jenkinsci/azure-publishersettings-credentials-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/azure-publishersettings-credentials-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

a05ef4ae893db97d2c22b4e778c47061e612ebab

Affected versions

azure-publishersettings-credentials-1.*

azure-publishersettings-credentials-1.0

azure-publishersettings-credentials-1.1

azure-publishersettings-credentials-1.2