Description
A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords.
Remediation
References
https://jenkins.io/security/advisory/2018-02-26/#SECURITY-260
Related Vulnerabilities
CVE-2023-29522 Vulnerability in maven package org.xwiki.platform:xwiki-platform-xclass-ui
CVE-2020-2245 Vulnerability in maven package org.jenkins-ci.plugins:valgrind
CVE-2022-24719 Vulnerability in npm package fluture-node
CVE-2021-3632 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2018-1000129 Vulnerability in maven package org.jolokia:jolokia-core