Description
Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1061
Related Vulnerabilities
CVE-2022-24999 Vulnerability in maven package org.webjars.npm:qs
CVE-2020-2113 Vulnerability in maven package org.jenkins-ci.tools:git-parameter
CVE-2021-23436 Vulnerability in npm package immer
CVE-2019-5448 Vulnerability in maven package org.webjars.npm:yarn
CVE-2020-15092 Vulnerability in npm package @knight-lab/timelinejs