Description
Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-835
Related Vulnerabilities
CVE-2023-31544 Vulnerability in maven package org.opencms:opencms-core
CVE-2023-31419 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2021-3632 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2022-25948 Vulnerability in npm package liquidjs
CVE-2018-11764 Vulnerability in maven package org.apache.hadoop:hadoop-core