Description
Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
Remediation
References
Related Vulnerabilities
WordPress Plugin FV Flowplayer Video Player SQL Injection (7.3.18.727)
Jboss EAP Other Vulnerability (CVE-2010-4265)
WordPress Plugin Gallery Plugin for WordPress-Envira Photo Gallery Cross-Site Scripting (1.8.3.2)
WordPress Plugin Survey Maker-Best WordPress Survey Unspecified Vulnerability (3.2.0)
WordPress Plugin Qtranslate Slug Cross-Site Request Forgery (1.1.18)