Description
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by attackers with Extended Read permission or with access to the Jenkins controller file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/11/15/4
https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2912