CVE-2019-1003075

Name of the Vulnerable Software and Affected Versions: Jenkins Audit to Database Plugin (affected versions not specified)

Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file. Specifically, database credentials are stored unencrypted in the audit2db.xml file on the Jenkins controller. This allows users with access to the Jenkins controller file system to view these credentials.

Recommendations: For the Jenkins Audit to Database Plugin, consider restricting access to the audit2db.xml file to minimize the risk of credential exposure until a proper fix is implemented. As a temporary workaround, limit user access to the Jenkins controller file system to reduce the potential for unauthorized viewing of the unencrypted credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.