Description
The Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master, where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-952
Related Vulnerabilities
CVE-2019-1003096 Vulnerability in maven package org.jenkins-ci.plugins:testfairy
CVE-2020-28437 Vulnerability in npm package heroku-env
CVE-2021-26117 Vulnerability in maven package org.apache.activemq:artemis-server
CVE-2016-5725 Vulnerability in maven package com.jcraft:jsch
CVE-2021-21160 Vulnerability in maven package org.webjars.npm:electron