Description
Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-965
Related Vulnerabilities
CVE-2022-39381 Vulnerability in npm package muhammara
CVE-2021-21343 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2021-23497 Vulnerability in npm package @strikeentco/set
CVE-2022-24785 Vulnerability in maven package org.fujion.webjars:moment
CVE-2017-12629 Vulnerability in maven package org.apache.solr:solr-core