PT-2019-11690 · Jenkins · Jenkins Jabber Server Plugin

Viktor Gazdag · Published 2019-04-04 · Updated 2023-10-25 · CVE-2019-10288

CVSS v2.0: 4.0 Medium
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins Jabber Server Plugin (affected versions not specified)

Description

The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, credentials are stored in the de.e_nexus.jabber.JabberBuilder.xml file, making them accessible to users with file system access to the Jenkins controller. This poses a risk as these credentials can be viewed by unauthorized parties.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
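
An added example (not part of the advisory or the plugin's code): a Python audit for the file named in the Description, flagging credential-like fields that are not in Jenkins' encrypted `{base64}` Secret form and checking whether the file is group- or world-readable. The tag-name heuristic and the sample XML are assumptions, since the advisory does not give the file's element names.

```python
import re
import stat
import xml.etree.ElementTree as ET
from pathlib import Path

CONFIG_NAME = "de.e_nexus.jabber.JabberBuilder.xml"  # file named in the advisory
# Assumption: credential fields are recognisable by tag name; the advisory
# does not list the plugin's actual element names.
SENSITIVE_TAG = re.compile(r"passw(or)?d|secret|token", re.I)
# Jenkins serialises hudson.util.Secret values as "{<base64>}".
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/]+={0,2}\}$")
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")

def plaintext_fields(xml_text):
    """Tags of credential-like leaf elements whose text is not an encrypted Secret."""
    # Recent Jenkins writes an XML 1.1 declaration; strip it so parsing
    # does not depend on the parser's XML 1.1 support.
    root = ET.fromstring(XML_DECL.sub("", xml_text, count=1))
    return [el.tag for el in root.iter()
            if len(el) == 0 and SENSITIVE_TAG.search(el.tag)
            and (el.text or "").strip()
            and not ENCRYPTED.match(el.text.strip())]

def audit(jenkins_home):
    """Report whether the file exists, holds plaintext, and is group/world readable."""
    path = Path(jenkins_home) / CONFIG_NAME
    if not path.is_file():
        return {"present": False, "plaintext": [], "loose_perms": False}
    mode = path.stat().st_mode
    return {"present": True,
            "plaintext": plaintext_fields(path.read_text(encoding="utf-8")),
            "loose_perms": bool(mode & (stat.S_IRGRP | stat.S_IROTH))}

# Constructed sample input, not taken from a real controller.
SAMPLE = """<?xml version='1.1' encoding='UTF-8'?>
<descriptor>
  <server>chat.example.test</server>
  <password>constructed-plaintext</password>
  <apiToken>{AQAAABAAAAAQY29uc3RydWN0ZWQtc2FtcGxl}</apiToken>
</descriptor>"""

if __name__ == "__main__":
    import sys
    print(plaintext_fields(SAMPLE))
    if len(sys.argv) > 1:
        print(audit(sys.argv[1]))  # pass the JENKINS_HOME directory
```

Any field the audit reports should be treated as exposed to everyone with file system access to the controller, so rotate that credential and restrict the file to the Jenkins service account.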

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

CVE-2019-10288
GHSA-CC7J-XX7Q-FR34

Affected Products

Jenkins Jabber Server Plugin