Description
Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/09/25/3
https://jenkins.io/security/advisory/2019-09-25/#SECURTIY-1541
Related Vulnerabilities
CVE-2022-23532 Vulnerability in maven package org.neo4j.procedure:apoc
CVE-2020-2246 Vulnerability in maven package org.jenkins-ci.plugins:valgrind
CVE-2022-45210 Vulnerability in maven package org.jeecgframework.boot:jeecg-module-system
CVE-2023-46499 Vulnerability in npm package @evershop/evershop
CVE-2019-16542 Vulnerability in maven package org.jenkins-ci.plugins:anchore-container-scanner