2 matches found
CVE-2019-10460
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10460
The CVE-2019-10460 entry concerns the Jenkins Bitbucket OAuth Plugin (versions 0.9 and earlier) that stores credentials in plaintext in the global config.xml on the Jenkins master. Root cause: credentials are written unencrypted and accessible to anyone with master FS access. Impact: exposed cred...