CVE-2019-10451
Description
Jenkins SOASTA CloudTest Plugin stores credentials in plaintext in its global configuration file, exposing them to users with file system access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Description
The Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master [1]. This means that any user who can read the master's file system can obtain the plaintext credentials, violating the principle of secure credential storage.
Exploitation
Exploitation requires access to the Jenkins master's file system. This could be a local user with shell access, or a remote attacker who has already compromised the master through another vulnerability. No additional authentication is needed beyond the file system read permission [2]. The credentials are stored in the plugin's configuration file, which is typically readable by users with Overall/Read permission or by direct file access.
Impact
An attacker who retrieves the plaintext credentials can use them to authenticate to the SOASTA CloudTest service or any other system those credentials protect. This could lead to unauthorized access to test environments, data exfiltration, or lateral movement within the organization's infrastructure.
Mitigation
The Jenkins Security Advisory 2019-10-16 recommends updating the SOASTA CloudTest Plugin to a version that encrypts credentials [1]. No workaround is provided; users should apply the plugin update as soon as possible. The vulnerability is not known to be exploited in the wild, but given the ease of exploitation, prompt remediation is advised.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
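Because the advisory offers no workaround, an administrator may want to check which global configuration files on the controller hold unencrypted secrets. The following audit sketch is an added example, not code from the plugin or the Jenkins project; it assumes the brace-wrapped `{base64}` form Jenkins uses for encrypted `Secret` values, and the file name, element names and values in the sample are constructed.

```python
import base64
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Element names that usually hold secrets (assumption; extend for your plugins).
SECRET_NAME = re.compile(r"password|passwd|secret|token|apikey", re.I)
# hudson.util.Secret writes encrypted values as "{<base64>}".
ENCRYPTED = re.compile(r"^\{([A-Za-z0-9+/]+=*)\}$")
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")

def is_encrypted(value: str) -> bool:
    """True if value has the shape of a Jenkins Secret ciphertext."""
    m = ENCRYPTED.match(value.strip())
    if not m:
        return False
    try:
        raw = base64.b64decode(m.group(1), validate=True)
    except ValueError:
        return False
    return len(raw) >= 16  # at least one AES block

def find_plaintext_secrets(xml_text: str) -> list[str]:
    """Return tags of secret-like elements whose text is not encrypted."""
    # Jenkins may declare XML 1.1, which Python's expat-based parser rejects.
    root = ET.fromstring(XML_DECL.sub("", xml_text, count=1))
    return [e.tag for e in root.iter()
            if (e.text or "").strip() and SECRET_NAME.search(e.tag)
            and not is_encrypted(e.text)]

def audit_home(jenkins_home: str) -> dict[str, list[str]]:
    """Scan top-level *.xml files (global configs) under JENKINS_HOME."""
    report = {}
    for path in sorted(Path(jenkins_home).glob("*.xml")):
        try:
            hits = find_plaintext_secrets(path.read_text(encoding="utf-8"))
        except (ET.ParseError, OSError, UnicodeDecodeError):
            continue  # unreadable or malformed file: skip it
        if hits:
            report[path.name] = hits
    return report

# Constructed sample: the plugin's real file and element names are not on this page.
FAKE_CIPHERTEXT = "{" + base64.b64encode(bytes(range(32))).decode() + "}"
SAMPLE = f"""<?xml version='1.1' encoding='UTF-8'?>
<example.PluginGlobalConfig>
  <password>hunter2</password>
  <apiToken>{FAKE_CIPHERTEXT}</apiToken>
</example.PluginGlobalConfig>"""
```

Any value the audit flags should be treated as exposed and rotated, since file system backups and copies may already contain it.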
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.soasta.jenkins:cloudtest (Maven) | <= 2.25 | — |
Affected products
- Range: 2.25 and earlier
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-7hp3-5w4x-8f7c (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-10451 (ghsa, ADVISORY)
- jenkins.io/security/advisory/2019-10-16/ (ghsa, x_refsource_CONFIRM, WEB)