Description
Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-830
Related Vulnerabilities
CVE-2019-10447 Vulnerability in maven package io.jenkins.plugins:sofy-ai
CVE-2021-20086 Vulnerability in npm package jquery-bbq
CVE-2020-7677 Vulnerability in maven package org.webjars.npm:thenify
CVE-2020-28458 Vulnerability in npm package datatables.net
CVE-2019-1003071 Vulnerability in maven package hudson.plugins.octopusdeploy:octopusdeploy