Description
Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2057
Related Vulnerabilities
CVE-2014-0003 Vulnerability in maven package org.apache.camel:camel-core
CVE-2023-32313 Vulnerability in npm package vm2
CVE-2023-27481 Vulnerability in npm package directus
CVE-2011-5063 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2020-2306 Vulnerability in maven package org.jenkins-ci.plugins:mercurial