CVE-2019-10318 Vulnerability in maven package org.jenkins-ci.plugins:azure-ad

Description

Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system.

Remediation

References

https://jenkins.io/security/advisory/2019-04-30/#SECURITY-1390

http://www.openwall.com/lists/oss-security/2019/04/30/5

http://www.securityfocus.com/bid/108159

Related Vulnerabilities

CVE-2021-39176 Vulnerability in npm package detect-character-encoding

CVE-2022-45401 Vulnerability in maven package org.jenkinsci.plugins:associated-files

CVE-2011-1772 Vulnerability in maven package org.apache.struts.xwork:xwork-core

CVE-2023-48240 Vulnerability in maven package org.xwiki.platform:xwiki-platform-security-authentication-default

CVE-2015-8131 Vulnerability in npm package kibana

Severity

Critical

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H