CVE-2019-1010241

Name of the Vulnerable Software and Affected Versions Jenkins Credentials Binding Plugin version 1.17

Description The issue is related to storing passwords in a recoverable format, allowing authenticated users to recover credentials. The component affected is config-variables.jelly, specifically line #30, which involves the passwordVariable. An attacker can exploit this by creating and executing a Jenkins job, potentially leading to unauthorized access to protected information.

Recommendations For Jenkins Credentials Binding Plugin version 1.17, consider disabling the passwordVariable in the config-variables.jelly file as a temporary workaround until a patch is available. Restrict access to the config-variables.jelly component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.