Description
Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-838
http://www.securityfocus.com/bid/107790
http://www.openwall.com/lists/oss-security/2019/04/12/2
Related Vulnerabilities
CVE-2023-26470 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2022-42468 Vulnerability in maven package org.apache.flume.flume-ng-sources:flume-jms-source
CVE-2022-22931 Vulnerability in maven package org.apache.james:james-server
CVE-2021-37701 Vulnerability in npm package tar
CVE-2011-1184 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core