Description
Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2066
Related Vulnerabilities
CVE-2019-10431 Vulnerability in maven package org.jenkins-ci.plugins:script-security
CVE-2016-5007 Vulnerability in maven package org.springframework.security:spring-security-config
CVE-2018-20677 Vulnerability in npm package bootstrap-sass
CVE-2023-27603 Vulnerability in maven package org.apache.linkis:linkis-common
CVE-2016-8629 Vulnerability in maven package org.keycloak:keycloak-model-infinispan