Description
Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/10/23/2
https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1477
Related Vulnerabilities
CVE-2023-3308 Vulnerability in maven package com.whaleal.icefrog:icefrog-all
CVE-2020-2123 Vulnerability in maven package org.jenkins-ci.plugins:radargun
CVE-2020-8205 Vulnerability in npm package @uppy/companion
CVE-2020-7598 Vulnerability in maven package org.webjars.npm:minimist
CVE-2022-38369 Vulnerability in maven package org.apache.iotdb:iotdb-server