Description
Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-828
Related Vulnerabilities
CVE-2020-14195 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2021-21172 Vulnerability in npm package electron
CVE-2020-11022 Vulnerability in npm package jquery
CVE-2019-10767 Vulnerability in npm package iobroker.js-controller
CVE-2019-10343 Vulnerability in maven package io.jenkins:configuration-as-code