Description
Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-966
Related Vulnerabilities
CVE-2020-2270 Vulnerability in maven package org.jenkins-ci.plugins:clearcase-release
CVE-2023-28709 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2022-45392 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration
CVE-2018-1305 Vulnerability in maven package org.apache.tomcat:tomcat-catalina