Description
Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1041
Related Vulnerabilities
CVE-2021-23631 Vulnerability in npm package convert-svg-core
CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty:jetty-http
CVE-2021-37695 Vulnerability in maven package org.webjars.npm:ckeditor4
CVE-2023-46122 Vulnerability in maven package org.scala-sbt:io_2.12
CVE-2022-42889 Vulnerability in maven package org.apache.commons:commons-text