Description
Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-954
http://www.securityfocus.com/bid/107790
http://www.openwall.com/lists/oss-security/2019/04/12/2
Related Vulnerabilities
CVE-2020-2252 Vulnerability in maven package org.jenkins-ci.plugins:mailer
CVE-2020-11971 Vulnerability in maven package org.apache.camel:camel-api
CVE-2021-29300 Vulnerability in npm package opened
CVE-2022-25979 Vulnerability in npm package jsuites
CVE-2022-29244 Vulnerability in maven package org.webjars.npm:npm