Description
Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-954
Related Vulnerabilities
CVE-2022-0265 Vulnerability in maven package com.hazelcast:hazelcast
CVE-2022-23620 Vulnerability in maven package org.xwiki.platform:xwiki-platform-skin-skinx
CVE-2022-25349 Vulnerability in maven package org.webjars.npm:materialize-css
CVE-2019-20921 Vulnerability in maven package org.webjars.bowergithub.thdoan:bootstrap-select
CVE-2020-2230 Vulnerability in maven package org.jenkins-ci.main:jenkins-core