Description
Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-949
Related Vulnerabilities
CVE-2023-26920 Vulnerability in npm package fast-xml-parser
CVE-2019-16541 Vulnerability in maven package org.jenkins-ci.plugins:jira
CVE-2022-22931 Vulnerability in maven package org.apache.james:james-server
CVE-2019-10430 Vulnerability in maven package io.jenkins.plugins:neuvector-vulnerability-scanner
CVE-2019-13236 Vulnerability in maven package org.opencms:opencms-core