Jenkins Credentials Plugin is vulnerable to information disclosure. Users with permission to create or update credentials could use the associated form validation to confirm the existence of files at an attacker-specified path and obtain the certificate content of files containing a PKCS#12 certificate.
seclists.org/fulldisclosure/2019/May/39
www.openwall.com/lists/oss-security/2019/05/21/1
www.securityfocus.com/bid/108462
access.redhat.com/errata/RHBA-2019:1605
access.redhat.com/security/cve/CVE-2019-1003049
access.redhat.com/security/cve/CVE-2019-1003050
access.redhat.com/security/cve/CVE-2019-10320
access.redhat.com/security/cve/CVE-2019-10328
bugzilla.redhat.com/show_bug.cgi?id=1418021
bugzilla.redhat.com/show_bug.cgi?id=1571190
bugzilla.redhat.com/show_bug.cgi?id=1585070
bugzilla.redhat.com/show_bug.cgi?id=1600741
bugzilla.redhat.com/show_bug.cgi?id=1608260
bugzilla.redhat.com/show_bug.cgi?id=1624316
bugzilla.redhat.com/show_bug.cgi?id=1631687
bugzilla.redhat.com/show_bug.cgi?id=1639427
bugzilla.redhat.com/show_bug.cgi?id=1640382
bugzilla.redhat.com/show_bug.cgi?id=1645656
bugzilla.redhat.com/show_bug.cgi?id=1648973
bugzilla.redhat.com/show_bug.cgi?id=1651564
bugzilla.redhat.com/show_bug.cgi?id=1652746
bugzilla.redhat.com/show_bug.cgi?id=1656083
bugzilla.redhat.com/show_bug.cgi?id=1656487
bugzilla.redhat.com/show_bug.cgi?id=1661076
bugzilla.redhat.com/show_bug.cgi?id=1667063
bugzilla.redhat.com/show_bug.cgi?id=1667801
bugzilla.redhat.com/show_bug.cgi?id=1671315
bugzilla.redhat.com/show_bug.cgi?id=1671837
bugzilla.redhat.com/show_bug.cgi?id=1676399
bugzilla.redhat.com/show_bug.cgi?id=1680059
bugzilla.redhat.com/show_bug.cgi?id=1682924
bugzilla.redhat.com/show_bug.cgi?id=1688250
bugzilla.redhat.com/show_bug.cgi?id=1688318
bugzilla.redhat.com/show_bug.cgi?id=1689230
bugzilla.redhat.com/show_bug.cgi?id=1689796
bugzilla.redhat.com/show_bug.cgi?id=1690066
bugzilla.redhat.com/show_bug.cgi?id=1691023
bugzilla.redhat.com/show_bug.cgi?id=1694724
bugzilla.redhat.com/show_bug.cgi?id=1695903
bugzilla.redhat.com/show_bug.cgi?id=1696249
bugzilla.redhat.com/show_bug.cgi?id=1698018
bugzilla.redhat.com/show_bug.cgi?id=1698922
bugzilla.redhat.com/show_bug.cgi?id=1699533
bugzilla.redhat.com/show_bug.cgi?id=1699696
bugzilla.redhat.com/show_bug.cgi?id=1700875
bugzilla.redhat.com/show_bug.cgi?id=1701806
bugzilla.redhat.com/show_bug.cgi?id=1702544
bugzilla.redhat.com/show_bug.cgi?id=1702693
bugzilla.redhat.com/show_bug.cgi?id=1703136
bugzilla.redhat.com/show_bug.cgi?id=1703558
bugzilla.redhat.com/show_bug.cgi?id=1703749
bugzilla.redhat.com/show_bug.cgi?id=1703904
bugzilla.redhat.com/show_bug.cgi?id=1703947
bugzilla.redhat.com/show_bug.cgi?id=1705243
bugzilla.redhat.com/show_bug.cgi?id=1707448
bugzilla.redhat.com/show_bug.cgi?id=1707524
bugzilla.redhat.com/show_bug.cgi?id=1707799
bugzilla.redhat.com/show_bug.cgi?id=1708187
bugzilla.redhat.com/show_bug.cgi?id=1708442
bugzilla.redhat.com/show_bug.cgi?id=1708552
bugzilla.redhat.com/show_bug.cgi?id=1709254
bugzilla.redhat.com/show_bug.cgi?id=1709626
bugzilla.redhat.com/show_bug.cgi?id=1710424
bugzilla.redhat.com/show_bug.cgi?id=1710723
bugzilla.redhat.com/show_bug.cgi?id=1712488
bugzilla.redhat.com/show_bug.cgi?id=1713211
bugzilla.redhat.com/show_bug.cgi?id=1717028
bugzilla.redhat.com/show_bug.cgi?id=1718458
bugzilla.redhat.com/show_bug.cgi?id=1718542
bugzilla.redhat.com/show_bug.cgi?id=1720466
bugzilla.redhat.com/show_bug.cgi?id=1720581
jenkins.io/security/advisory/2019-05-21/#SECURITY-1322
wwws.nightwatchcybersecurity.com/2019/05/23/exploring-the-file-system-via-jenkins-credentials-plugin-vulnerability-cve-2019-10320/