Description
Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/05/31/2
http://www.securityfocus.com/bid/108540
https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1403
Related Vulnerabilities
CVE-2021-37701 Vulnerability in npm package tar
CVE-2023-50164 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2022-25312 Vulnerability in maven package org.apache.any23:apache-any23
CVE-2022-21208 Vulnerability in npm package node-opcua
CVE-2019-16548 Vulnerability in maven package org.jenkins-ci.plugins:google-compute-engine