Description
Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1093
Related Vulnerabilities
CVE-2022-4725 Vulnerability in maven package com.amazonaws:aws-android-sdk-core
CVE-2023-37960 Vulnerability in maven package io.jenkins.plugins:mathworks-polyspace
CVE-2019-1003071 Vulnerability in maven package hudson.plugins.octopusdeploy:octopusdeploy
CVE-2022-39381 Vulnerability in npm package muhammara
CVE-2022-31175 Vulnerability in npm package @ckeditor/ckeditor5-html-support