GHSA-rfc8-wrrf-wp3w

Source

https://github.com/advisories/GHSA-rfc8-wrrf-wp3w

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rfc8-wrrf-wp3w/GHSA-rfc8-wrrf-wp3w.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-rfc8-wrrf-wp3w

Aliases

CVE-2019-10303

Published

2022-05-24T16:43:53Z

Modified

2024-02-16T08:12:31.389058Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Jenkins Azure PublisherSettings Credentials Plugin stored credentials in plain text

Details

Jenkins Azure PublisherSettings Credentials Plugin stored the service management certificate unencrypted in credentials.xml on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system.

Azure PublisherSettings Credentials Plugin has been deprecated. Azure PublisherSettings Credentials Plugin 1.5 no longer provides any user features and we recommend the plugin be uninstalled.

Database specific

{
    "nvd_published_at": "2019-04-18T17:29:00Z",
    "cwe_ids": [
        "CWE-522"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-26T21:00:23Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:azure-publishersettings-credentials

Package

Name: org.jenkins-ci.plugins:azure-publishersettings-credentials; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/azure-publishersettings-credentials

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5

Affected versions

1.*

1.0

1.1

1.2