Description
A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords.
Remediation
References
https://jenkins.io/security/advisory/2018-02-26/#SECURITY-260
Related Vulnerabilities
CVE-2020-24554 Vulnerability in maven package com.liferay.release.portal.bom
CVE-2023-5720 Vulnerability in maven package io.quarkus:quarkus-project
CVE-2015-5170 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-login
CVE-2022-29251 Vulnerability in maven package org.xwiki.platform:xwiki-platform-flamingo-theme-ui
CVE-2019-25027 Vulnerability in maven package com.vaadin:flow-server