Description
Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/05/31/2
http://www.securityfocus.com/bid/108540
https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1403
Related Vulnerabilities
CVE-2021-21277 Vulnerability in maven package org.webjars.npm:angular-expressions
CVE-2021-23424 Vulnerability in npm package ansi-html
CVE-2022-23305 Vulnerability in maven package log4j:log4j
CVE-2020-5259 Vulnerability in npm package dojox
CVE-2022-29172 Vulnerability in maven package org.webjars.npm:auth0-lock