CVE-2019-1003071

Name of the Vulnerable Software and Affected Versions: Jenkins OctopusDeploy Plugin (affected versions not specified)

Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, the credentials are stored in the hudson.plugins.octopusdeploy.OctopusDeployPlugin.xml file. Users with access to the Jenkins controller or master file system can view these credentials.

Recommendations: For the Jenkins OctopusDeploy Plugin, consider restricting access to the hudson.plugins.octopusdeploy.OctopusDeployPlugin.xml file to minimize the risk of credential exposure. As a temporary workaround, limit user access to the Jenkins controller file system until a more secure method of credential storage is implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.