CVE-2019-1003063

Name of the Vulnerable Software and Affected Versions: Jenkins Amazon SNS Build Notifier Plugin (affected versions not specified)

Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, the credentials are stored in the org.jenkinsci.plugins.snsnotify.AmazonSNSNotifier.xml file. Users with access to the Jenkins controller or master file system can view these credentials.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.