Description
Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/10/23/2
https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1621
Related Vulnerabilities
CVE-2020-26282 Vulnerability in maven package com.browserup:browserup-proxy-rest
CVE-2022-21830 Vulnerability in npm package @rocket.chat/livechat
CVE-2023-37956 Vulnerability in maven package org.jenkins-ci.plugins:test-results-aggregator
CVE-2022-40955 Vulnerability in maven package org.apache.inlong:manager-pojo
CVE-2020-8203 Vulnerability in maven package org.webjars.bower:lodash