Description
Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-838
Related Vulnerabilities
CVE-2019-16544 Vulnerability in maven package org.jenkins-ci.plugins:qmetry-for-jira-test-management
CVE-2020-11969 Vulnerability in maven package org.apache.tomee:openejb-core
CVE-2023-40037 Vulnerability in maven package org.apache.nifi:nifi-hikari-dbcp-service
CVE-2022-37616 Vulnerability in maven package org.webjars.npm:xmldom
CVE-2019-14893 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind