Description
Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/10/16/6
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1450
Related Vulnerabilities
CVE-2021-43980 Vulnerability in maven package org.apache.tomcat:tomcat
CVE-2020-2138 Vulnerability in maven package org.jenkins-ci.plugins:cobertura
CVE-2015-8861 Vulnerability in maven package org.webjars.npm:handlebars
CVE-2023-43495 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2017-7957 Vulnerability in maven package org.jvnet.hudson:xstream