Description
Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2787
Related Vulnerabilities
CVE-2018-17785 Vulnerability in maven package cc.blynk.server.api.core:http-core
CVE-2023-31101 Vulnerability in maven package org.apache.inlong:manager-dao
CVE-2020-15087 Vulnerability in maven package io.prestosql:presto-main
CVE-2021-39233 Vulnerability in maven package org.apache.ozone:ozone-main
CVE-2018-1000865 Vulnerability in maven package org.kohsuke:groovy-sandbox