Description
Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1093
Related Vulnerabilities
CVE-2021-36372 Vulnerability in maven package org.apache.ozone:ozone-common
CVE-2020-6423 Vulnerability in npm package electron
CVE-2019-16761 Vulnerability in npm package slp-validate
CVE-2022-34916 Vulnerability in maven package org.apache.flume.flume-ng-sources:flume-jms-source
CVE-2019-1003091 Vulnerability in maven package com.soasta.jenkins:cloudtest