CVE-2019-16556

Name of the Vulnerable Software and Affected Versions Jenkins Rundeck Plugin versions 3.6.5 and earlier

Description The issue allows credentials to be stored unencrypted in the global configuration file and in job config.xml files on the Jenkins master. This can be accessed by users with Extended Read permission or those who have access to the master file system.

Recommendations For Jenkins Rundeck Plugin versions 3.6.5 and earlier, consider restricting access to the global configuration file and job config.xml files to minimize the risk of credential exposure. As a temporary workaround, limit user permissions to prevent those with Extended Read permission from viewing sensitive information.