Description
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/10/23/2
https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1546
Related Vulnerabilities
CVE-2020-10727 Vulnerability in maven package org.apache.activemq:artemis-server
CVE-2021-23449 Vulnerability in npm package vm2
CVE-2021-21175 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-34981 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2022-22984 Vulnerability in npm package snyk-gradle-plugin