Description
Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/12/17/1
http://www.openwall.com/lists/oss-security/2019/12/17/1
https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1597
Related Vulnerabilities
CVE-2020-8129 Vulnerability in npm package script-manager
CVE-2022-35949 Vulnerability in maven package org.webjars.npm:undici
CVE-2020-2300 Vulnerability in maven package org.jenkins-ci.plugins:active-directory
CVE-2020-2176 Vulnerability in maven package it.infuse.jenkins:usemango-runner
CVE-2020-13654 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore