CVE-2019-10295

Name of the Vulnerable Software and Affected Versions Jenkins crittercism-dsym Plugin (affected versions not specified)

Description The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master or controller. These credentials can be accessed by users who have Extended Read permission or those with access to the master or controller file system.

Recommendations For the Jenkins crittercism-dsym Plugin, consider restricting access to the config.xml files to minimize the risk of credential exposure until a proper fix is implemented. As a temporary workaround, review and limit user permissions to ensure only necessary personnel have Extended Read access or file system access to the Jenkins master or controller. At the moment, there is no information about a newer version that contains a fix for this vulnerability.