PT-2019-11720 · Jenkins · Jenkins Azure Ad Plugin+1

Mark Combellack

Publicado

2019-04-30

Atualizado

2023-10-25

CVE-2019-10318

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jenkins Azure AD Plugin versions 0.3.3 and earlier

Description The issue concerns the storage of the client secret in the global config.xml configuration file on the Jenkins master or controller. This secret was stored unencrypted, allowing users with access to the master or controller file system to view the credentials.

Recommendations For Jenkins Azure AD Plugin versions 0.3.3 and earlier, update the plugin to a version that stores the client secret encrypted, as the updated Azure AD Plugin now includes this security enhancement.

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522

Identificadores relacionados

CVE-2019-10318

GHSA-JCWJ-J574-8J2C

Produtos afetados

Jenkins

Jenkins Azure Ad Plugin

PT-2019-11720 · Jenkins · Jenkins Azure Ad Plugin+1

CVE-2019-10318

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8