Description
Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/30/5
http://www.securityfocus.com/bid/108159
https://jenkins.io/security/advisory/2019-04-30/#SECURITY-1390
Related Vulnerabilities
CVE-2020-6458 Vulnerability in npm package electron
CVE-2019-19919 Vulnerability in maven package org.webjars:handlebars
CVE-2021-29262 Vulnerability in maven package org.apache.solr:solr-core
CVE-2022-24772 Vulnerability in npm package node-forge
CVE-2019-16776 Vulnerability in maven package org.webjars:npm