Description
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/09/25/3
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1577
Related Vulnerabilities
CVE-2021-29445 Vulnerability in npm package jose-node-esm-runtime
CVE-2022-36922 Vulnerability in maven package org.jenkins-ci.plugins:lucene-search
CVE-2022-36885 Vulnerability in maven package com.coravy.hudson.plugins.github:github
CVE-2020-1938 Vulnerability in maven package org.apache.tomcat:tomcat-util
CVE-2019-16335 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind