Description
Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-957
Related Vulnerabilities
CVE-2022-37423 Vulnerability in maven package org.neo4j.procedure:apoc
CVE-2018-1000125 Vulnerability in maven package com.inversoft:prime-jwt
CVE-2019-0191 Vulnerability in maven package org.apache.karaf.kar:org.apache.karaf.kar.core
CVE-2021-23326 Vulnerability in npm package @graphql-tools/git-loader
CVE-2022-28220 Vulnerability in maven package org.apache.james.protocols:protocols-netty