CVE-2019-10303 – org.jenkins-ci.plugins:azure-publishersettings-credentials

Package

Manager: maven
Name: org.jenkins-ci.plugins:azure-publishersettings-credentials
Vulnerable Version: >=0 <1.5

Severity

Level: Low

CVSS v3.1: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00067 pctl0.21074

Details

Jenkins Azure PublisherSettings Credentials Plugin stored credentials in plain text Jenkins Azure PublisherSettings Credentials Plugin stored the service management certificate unencrypted in credentials.xml on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. Azure PublisherSettings Credentials Plugin has been deprecated. Azure PublisherSettings Credentials Plugin 1.5 no longer provides any user features and we recommend the plugin be uninstalled.

Metadata

Created: 2022-05-24T16:43:53Z
Modified: 2023-10-26T21:00:23Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rfc8-wrrf-wp3w/GHSA-rfc8-wrrf-wp3w.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-rfc8-wrrf-wp3w
Finding: F035
Auto approve: 1