Description
Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1043
Related Vulnerabilities
CVE-2022-35949 Vulnerability in npm package undici
CVE-2023-29246 Vulnerability in maven package org.apache.openmeetings:openmeetings-web
CVE-2023-48967 Vulnerability in maven package org.noear:solon.serialization.fury
CVE-2022-22138 Vulnerability in npm package fast-string-search
CVE-2020-2129 Vulnerability in maven package org.apache.maven.plugins:maven-compiler-plugin