Description
Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-835
http://www.securityfocus.com/bid/107790
http://www.openwall.com/lists/oss-security/2019/04/12/2
Related Vulnerabilities
CVE-2023-46998 Vulnerability in maven package org.webjars.npm:bootbox.js
CVE-2022-35916 Vulnerability in npm package @openzeppelin/contracts-upgradeable
CVE-2022-24697 Vulnerability in maven package org.apache.kylin:kylin-core-common
CVE-2012-0818 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxrs
CVE-2021-33605 Vulnerability in maven package com.vaadin:vaadin-checkbox-flow