Description
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master, where it can be viewed by users with Extended Read permission or with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/02/12/3
https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1560
Related Vulnerabilities
CVE-2019-1003010 Vulnerability in maven package org.jenkins-ci.plugins:git
CVE-2021-40110 Vulnerability in maven package org.apache.james:james-server
CVE-2023-46227 Vulnerability in maven package org.apache.inlong:manager-pojo
CVE-2021-37404 Vulnerability in maven package org.apache.hadoop:hadoop-common
CVE-2023-25569 Vulnerability in maven package com.ctrip.framework.apollo:apollo