Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yZmM4LXdycmYtd3Azd84AAgeE
Jenkins Azure PublisherSettings Credentials Plugin stored credentials in plain text
Jenkins Azure PublisherSettings Credentials Plugin stored the service management certificate unencrypted in credentials.xml on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system.
Azure PublisherSettings Credentials Plugin has been deprecated. Azure PublisherSettings Credentials Plugin 1.5 no longer provides any user features and we recommend the plugin be uninstalled.
Permalink: https://github.com/advisories/GHSA-rfc8-wrrf-wp3wJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yZmM4LXdycmYtd3Azd84AAgeE
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 3.3
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-rfc8-wrrf-wp3w, CVE-2019-10303
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10303
- https://jenkins.io/security/advisory/2019-04-17/#SECURITY-844
- https://web.archive.org/web/20200227075952/http://www.securityfocus.com/bid/108045
- https://github.com/advisories/GHSA-rfc8-wrrf-wp3w
Affected Packages
maven:org.jenkins-ci.plugins:azure-publishersettings-credentials
Affected Version Ranges: < 1.5Fixed in: 1.5