Description
Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2156
Related Vulnerabilities
CVE-2020-16022 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-37909 Vulnerability in maven package org.xwiki.platform:xwiki-platform-menu-ui
CVE-2020-7015 Vulnerability in npm package kibana
CVE-2022-45921 Vulnerability in maven package io.fusionauth:fusionauth-java-client
CVE-2019-10359 Vulnerability in maven package org.jenkins-ci.plugins.m2release:m2release