Description
Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/07/31/1
https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1435
https://www.zerodayinitiative.com/advisories/ZDI-19-835/
Related Vulnerabilities
CVE-2022-45598 Vulnerability in npm package @joplin/renderer
CVE-2021-23358 Vulnerability in maven package org.webjars.bowergithub.jashkenas:underscore
CVE-2023-49652 Vulnerability in maven package org.jenkins-ci.plugins:google-compute-engine
CVE-2022-24278 Vulnerability in npm package convert-svg-core
CVE-2020-35213 Vulnerability in maven package io.atomix:atomix