Description
Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-949
http://www.securityfocus.com/bid/107790
http://www.openwall.com/lists/oss-security/2019/04/12/2
Related Vulnerabilities
CVE-2023-39151 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-25167 Vulnerability in maven package org.apache.flume:flume-parent
CVE-2023-40037 Vulnerability in maven package org.apache.nifi:nifi-dbcp-base
CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty:jetty-http
CVE-2023-24452 Vulnerability in maven package org.jenkins-ci.plugins:testquality-updater