Description
Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1062
Related Vulnerabilities
CVE-2013-7454 Vulnerability in npm package validator
CVE-2019-16542 Vulnerability in maven package org.jenkins-ci.plugins:anchore-container-scanner
CVE-2021-27906 Vulnerability in maven package org.apache.pdfbox:pdfbox
CVE-2020-28429 Vulnerability in npm package geojson2kml
CVE-2022-1466 Vulnerability in maven package org.keycloak:keycloak-core