CVE-2019-10303: Insufficiently Protected Credentials

May 24, 2022 (updated October 26, 2023)

Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system.

References

github.com/advisories/GHSA-rfc8-wrrf-wp3w
jenkins.io/security/advisory/2019-04-17/
nvd.nist.gov/vuln/detail/CVE-2019-10303
web.archive.org/web/20200227075952/http://www.securityfocus.com/bid/108045

Code Behaviors & Features

Detect and mitigate CVE-2019-10303 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →