0.0004 Low
EPSS
Percentile
12.6%
Jenkins Bitbucket OAuth Plugin prior to 0.10 stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
www.openwall.com/lists/oss-security/2019/10/23/2
github.com/jenkinsci/bitbucket-oauth-plugin
github.com/jenkinsci/bitbucket-oauth-plugin/commit/f55d222db910220ca8cd8631fb746c98b9e12870
jenkins.io/security/advisory/2019-10-23/#SECURITY-1546
nvd.nist.gov/vuln/detail/CVE-2019-10460