Description
Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1432
Related Vulnerabilities
CVE-2016-10365 Vulnerability in npm package kibana
CVE-2015-5209 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2016-10549 Vulnerability in npm package sails
CVE-2020-26217 Vulnerability in maven package org.jvnet.hudson:xstream
CVE-2023-29509 Vulnerability in maven package org.xwiki.platform:xwiki-platform-flamingo-theme-ui