Description
Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1040
Related Vulnerabilities
CVE-2019-16557 Vulnerability in maven package com.redgate.plugins.redgatesqlci:redgate-sql-ci
CVE-2021-43841 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2021-37404 Vulnerability in maven package org.apache.hadoop:hadoop-hdfs-native-client
CVE-2021-23447 Vulnerability in npm package teddy
CVE-2023-37947 Vulnerability in maven package org.openshift.jenkins:openshift-login