Description
Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1090
Related Vulnerabilities
CVE-2022-34112 Vulnerability in maven package io.dataease:dataease-plugin-common
CVE-2022-34870 Vulnerability in maven package org.apache.geode:geode-pulse
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-record-serialization-services
CVE-2022-31191 Vulnerability in maven package org.dspace:dspace-jspui
CVE-2020-4038 Vulnerability in maven package org.webjars.npm:graphql-playground-html