Description
Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-830
http://www.securityfocus.com/bid/107790
http://www.openwall.com/lists/oss-security/2019/04/12/2
Related Vulnerabilities
CVE-2022-45393 Vulnerability in maven package org.jenkins-ci.plugins:delete-log-plugin
CVE-2016-4464 Vulnerability in maven package org.apache.cxf.fediz:fediz-core
CVE-2023-50775 Vulnerability in maven package org.jenkins-ci.plugins:ec2-deployment-dashboard
CVE-2022-21222 Vulnerability in npm package css-what
CVE-2023-40037 Vulnerability in maven package org.apache.nifi:nifi-dbcp-service-api