Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2019-04-30T12:25:18
Updated: 2024-08-04T22:17:20.469Z
Reserved: 2019-03-29T00:00:00
Link: CVE-2019-10318
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-04-30T13:29:05.987
Modified: 2024-11-21T04:18:52.887
Link: CVE-2019-10318
Redhat
No data.