Description
Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1031
Related Vulnerabilities
CVE-2020-2184 Vulnerability in maven package org.jenkins-ci.plugins:cvs
CVE-2019-10432 Vulnerability in maven package org.jenkins-ci.plugins:htmlpublisher
CVE-2019-25075 Vulnerability in maven package io.gravitee.management:gravitee-management-api-service
CVE-2019-13506 Vulnerability in npm package @nuxt/devalue
CVE-2023-45133 Vulnerability in maven package org.webjars.npm:babel__traverse