Description
Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1069