Description
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/09/25/3
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1577
Related Vulnerabilities
CVE-2022-31129 Vulnerability in maven package org.webjars.bower:moment
CVE-2019-12741 Vulnerability in maven package ca.uhn.hapi.fhir:hapi-fhir-testpage-overlay
CVE-2020-2206 Vulnerability in maven package org.jenkins-ci.plugins:vncrecorder
CVE-2019-10367 Vulnerability in maven package io.jenkins:configuration-as-code
CVE-2016-3086 Vulnerability in maven package org.apache.hadoop:hadoop-common