CVE-2019-1003066

Name of the Vulnerable Software and Affected Versions: Jenkins Bugzilla Plugin (affected versions not specified)

Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, credentials are stored in the hudson.plugins.bugzilla.BugzillaProjectProperty.xml file. These credentials can be accessed by users who have permission to view the file system of the Jenkins controller.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.