Description
Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1044
Related Vulnerabilities
CVE-2020-7606 Vulnerability in npm package docker-compose-remote-api
CVE-2020-15123 Vulnerability in npm package codecov
CVE-2022-43396 Vulnerability in maven package org.apache.kylin:kylin-core-common
CVE-2017-5858 Vulnerability in npm package converse.js
CVE-2015-3271 Vulnerability in maven package org.apache.tika:tika-server