CVE-2019-10318
LOW3.3EPSS 0.07%Jenkins Azure AD Plugin stored the client secret unencrypted
發布日:2022/5/24修改日:2024/2/16
描述
Jenkins Azure AD Plugin stored the client secret unencrypted in the global config.xml configuration file on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. Azure AD Plugin now stores the client secret encrypted.
受影響套件(1)
- Maven/org.jenkins-ci.plugins:azure-adfrom 0, < 0.3.4
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.3 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-10318
- WEBhttps://github.com/jenkinsci/azure-ad-plugin/commit/70983d1a6528847ccd6e7f124450c578c42d194f
- WEBhttps://jenkins.io/security/advisory/2019-04-30/#SECURITY-1390
- WEBhttps://web.archive.org/web/20200227073756/http://www.securityfocus.com/bid/108159
- WEBhttp://www.openwall.com/lists/oss-security/2019/04/30/5