Description

Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system.

Remediation

References

http://www.securityfocus.com/bid/108045

https://jenkins.io/security/advisory/2019-04-17/#SECURITY-844

Related Vulnerabilities

CVE-2022-29247 Vulnerability in maven package org.webjars.npm:electron

CVE-2014-7205 Vulnerability in npm package bassmaster

CVE-2021-32854 Vulnerability in maven package org.webjars.bower:textangular

CVE-2017-1000209 Vulnerability in maven package com.neovisionaries:nv-websocket-client

CVE-2023-24998 Vulnerability in maven package org.apache.tomcat:tomcat-util

Severity

Critical

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory VDB Entry Vendor Advisory