Description
Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2091
Related Vulnerabilities
CVE-2021-39232 Vulnerability in maven package org.apache.ozone:ozone-main
CVE-2017-18354 Vulnerability in npm package rendertron-middleware
CVE-2013-4940 Vulnerability in npm package yui
CVE-2022-41240 Vulnerability in maven package org.jenkins-ci.plugins:walti
CVE-2017-7957 Vulnerability in maven package xstream:xstream