
Mark Combellack

Researcher at CafeX Communications
#52308 of 53,633
4 CVSS total
Vulnerabilities · 1
PT-2019-11720
4.0
2019-04-30
Jenkins · Jenkins Azure Ad Plugin · CVE-2019-10318
**Name of the Vulnerable Software and Affected Versions**
Jenkins Azure AD Plugin versions 0.3.3 and earlier

**Description**
The issue concerns the storage of the client secret in the global config.xml configuration file on the Jenkins master or controller. This secret was stored unencrypted, allowing users with access to the master or controller file system to view the credentials.

**Recommendations**
For Jenkins Azure AD Plugin versions 0.3.3 and earlier, update the plugin to a version that stores the client secret encrypted, as the updated Azure AD Plugin now includes this security enhancement.