Description
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/10/23/2
https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1546
Related Vulnerabilities
CVE-2023-28155 Vulnerability in maven package org.webjars.npm:request
CVE-2021-46708 Vulnerability in npm package swagger-ui
CVE-2023-28708 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2022-2932 Vulnerability in npm package mobiledoc-kit
CVE-2020-17519 Vulnerability in maven package org.apache.flink:flink-runtime_2.11