Description
Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-957
Related Vulnerabilities
CVE-2013-4317 Vulnerability in maven package org.apache.cloudstack:cloudstack
CVE-2022-25883 Vulnerability in npm package semver
CVE-2021-20220 Vulnerability in maven package io.undertow:undertow-core
CVE-2019-15597 Vulnerability in npm package node-df
CVE-2012-0881 Vulnerability in maven package xerces:xercesimpl