Description
Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-965
Related Vulnerabilities
CVE-2022-39288 Vulnerability in npm package fastify
CVE-2020-2219 Vulnerability in maven package org.jenkins-ci.plugins:link-column
CVE-2021-29445 Vulnerability in npm package jose-node-esm-runtime
CVE-2020-2295 Vulnerability in maven package org.jkva.maven-plugins:cascading-release-maven-plugin
CVE-2022-39243 Vulnerability in maven package com.zaxxer:nuprocess