Description
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2064