PT-2019-11705 · Jenkins · Jenkins Azure PublisherSettings Credentials Plugin

Viktor Gazdag

·

Published

2019-04-18

·

Updated

2023-10-25

·

CVE-2019-10303

CVSS v3.1

8.8

High

Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Jenkins Azure PublisherSettings Credentials Plugin versions 1.2 and earlier
Jenkins Azure PublisherSettings Credentials Plugin versions prior to 1.5
Description

The plugin stores credentials, including Azure service management certificates, unencrypted in the credentials.xml file on the Jenkins master (now called the controller). Jenkins normally encrypts secret fields before they are written to this file; because the plugin did not, any user or process with read access to the controller file system, or to a backup or copy of credentials.xml, can read the certificate material directly from the file. The number of affected installations worldwide is not specified, and no real-world incidents exploiting this issue have been reported.
Recommendations

Uninstall the plugin from affected installations (versions 1.2 and earlier; this page also lists versions prior to 1.5 as affected). The plugin has been deprecated and no longer provides any user features, so removing it loses nothing. Where it cannot be removed immediately, restrict file-system access to credentials.xml on the controller (and to any backups that contain it) as a temporary workaround; this limits who can read the stored certificates but does not encrypt them. Service management certificates whose exposure cannot be ruled out should be rotated.
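The following audit script is an added example and is not code from the advisory, from Jenkins or from the plugin. It parses a credentials.xml and reports secret-bearing fields whose value is not in the braced base64 form Jenkins uses for encrypted hudson.util.Secret values, which is how the plaintext storage described above shows up on disk, and it checks the permission bits a workaround of restricting access to the file should leave behind. The sample XML is constructed, the `example.AzurePublisherSettingsCredentials` class name and the `serviceManagementCert` field name are hypothetical, and the set of sensitive tags is an assumption to be extended for the credential types actually in use.

```python
"""Audit a Jenkins credentials.xml for secret fields stored outside Jenkins' encrypted form."""
import os
import re
import stat
import xml.etree.ElementTree as ET

# Jenkins serialises hudson.util.Secret fields as base64 ciphertext wrapped in braces,
# e.g. <password>{AQAAABAAAAAQ...}</password>. Anything else inside a secret-bearing
# element is treated as plaintext by this audit.
ENCRYPTED_SECRET = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")

# Element names assumed (for this example) to carry secret material. Extend for the
# credential types in use; "serviceManagementCert" is a hypothetical field name.
SENSITIVE_TAGS = {"password", "secret", "privateKey", "serviceManagementCert"}

# Constructed sample credentials.xml (not taken from a real controller). The Azure
# credential class name is hypothetical. The first entry is a correctly encrypted
# Secret; the second shows the plaintext certificate storage this advisory describes.
SAMPLE_CREDENTIALS_XML = """\
<com.cloudbees.plugins.credentials.SystemCredentialsProvider>
  <domainCredentialsMap class="hudson.util.CopyOnWriteMap$Hash">
    <entry>
      <com.cloudbees.plugins.credentials.domains.Domain>
        <specifications/>
      </com.cloudbees.plugins.credentials.domains.Domain>
      <java.util.concurrent.CopyOnWriteArrayList>
        <com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl>
          <scope>GLOBAL</scope>
          <id>deploy-user</id>
          <username>deploy</username>
          <password>{AQAAABAAAAAQ7S3b9xQq2uW5fA0Z6Yb1c3EwLkq8mvJjq2r8m4SnG5k=}</password>
        </com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl>
        <example.AzurePublisherSettingsCredentials>
          <scope>GLOBAL</scope>
          <id>azure-publish</id>
          <subscriptionId>00000000-0000-0000-0000-000000000000</subscriptionId>
          <serviceManagementCert>MIIKYwIBAzCCCh8GCSqGSIb3DQEHAaCCChAEggoMY29uc3RydWN0ZWQ=</serviceManagementCert>
        </example.AzurePublisherSettingsCredentials>
      </java.util.concurrent.CopyOnWriteArrayList>
    </entry>
  </domainCredentialsMap>
</com.cloudbees.plugins.credentials.SystemCredentialsProvider>
"""


def find_plaintext_secrets(xml_text):
    """Return (credential class, credential id, field) for every sensitive field whose
    value is not in Jenkins' encrypted {base64} form."""
    root = ET.fromstring(xml_text)
    # ElementTree has no parent pointers; build the map once so a finding can be
    # attributed to the credential entry that owns the field.
    parent_of = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for element in root.iter():
        if element.tag not in SENSITIVE_TAGS:
            continue
        value = (element.text or "").strip()
        if not value or ENCRYPTED_SECRET.match(value):
            continue
        owner = parent_of.get(element)
        owner_tag = owner.tag if owner is not None else "?"
        cred_id = owner.findtext("id", default="?") if owner is not None else "?"
        findings.append((owner_tag, cred_id, element.tag))
    return findings


def insecure_mode_bits(mode):
    """Name the permission bits that let accounts other than the owner read or write the
    file. credentials.xml should be mode 0600 and owned by the Jenkins service account."""
    issues = []
    if mode & (stat.S_IRGRP | stat.S_IWGRP):
        issues.append("group-accessible")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        issues.append("world-accessible")
    return issues


def check_file_permissions(path):
    """Apply insecure_mode_bits to a real file (POSIX permission semantics assumed)."""
    return insecure_mode_bits(stat.S_IMODE(os.stat(path).st_mode))


if __name__ == "__main__":
    for owner_tag, cred_id, field in find_plaintext_secrets(SAMPLE_CREDENTIALS_XML):
        print(f"plaintext secret: {owner_tag} id={cred_id} field={field}")
```

Run it against `$JENKINS_HOME/credentials.xml` (and against folder-scoped `config.xml` files, which hold credentials in the same format) with `check_file_permissions` on each path. Two caveats: Jenkins writes the file with an XML 1.1 declaration, so strip that first line if your parser rejects it; and older Jenkins releases wrote Secret values as bare base64 without braces, so a bare base64 value flagged here on an old installation needs a manual look rather than being assumed plaintext.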

Fix

Uninstall the plugin; it is deprecated and no longer provides any user features (see Recommendations).

Weakness Enumeration

CWE-522: Insufficiently Protected Credentials

Related Identifiers

CVE-2019-10303
GHSA-rfc8-wrrf-wp3w

Affected Products

Jenkins
Jenkins Azure PublisherSettings Credentials Plugin