Description
Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-957
http://www.securityfocus.com/bid/107790
http://www.openwall.com/lists/oss-security/2019/04/12/2
Related Vulnerabilities
CVE-2021-39168 Vulnerability in npm package @openzeppelin/contracts-upgradeable
CVE-2023-32985 Vulnerability in maven package org.jenkins-ci.plugins:sidebar-link
CVE-2023-46673 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2017-17068 Vulnerability in npm package auth0-js
CVE-2020-2113 Vulnerability in maven package org.jenkins-ci.tools:git-parameter