PT-2019-2636 · Jenkins · Jenkins Credentials Plugin+1

Pankaj Upadhyay +1 · Published 2019-05-21 · Updated 2023-10-25 · CVE-2019-10320

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins Credentials Plugin versions 2.1.18 and earlier

Description

The issue allows users with permission to create or update credentials to confirm the existence of files on the Jenkins master at an attacker-specified path and to obtain the certificate content of files containing a PKCS#12 certificate. This can lead to information leakage about files and directories. An attacker with permission to create or update credentials can exploit this to gain access to files containing a PKCS#12 certificate.

Recommendations

For Jenkins Credentials Plugin versions 2.1.18 and earlier, update to a version later than 2.1.18 to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2019-02522
CVE-2019-10320
GHSA-XM94-9JW8-P6HW
RHSA-2019:1636

Affected Products

Jenkins
Jenkins Credentials Plugin