Description
Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-830
Related Vulnerabilities
CVE-2022-35513 Vulnerability in npm package blink1control2
CVE-2019-10461 Vulnerability in maven package org.jenkins-ci.plugins:dynatrace-dashboard
CVE-2019-10365 Vulnerability in maven package org.jenkins-ci.plugins:google-kubernetes-engine
CVE-2020-11972 Vulnerability in maven package org.apache.camel:camel-rabbitmq
CVE-2023-36665 Vulnerability in maven package org.webjars.npm:github-com-protobufjs-protobuf-js