6.7 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.3%
Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
config.xml
www.openwall.com/lists/oss-security/2019/04/12/2
github.com/jenkinsci/vmware-vrealize-automation-plugin
jenkins.io/security/advisory/2019-04-03/#SECURITY-945
nvd.nist.gov/vuln/detail/CVE-2019-1003068
web.archive.org/web/20200227082017/www.securityfocus.com/bid/107790