CVE-2019-10303

EUVD-2022-5160
Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
jenkinsazure_publishersettings_credentials
𝑥
≤ 1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/108045
https://jenkins.io/security/advisory/2019-04-17/#SECURITY-844
http://www.securityfocus.com/bid/108045
https://jenkins.io/security/advisory/2019-04-17/#SECURITY-844