Description
Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-957
Related Vulnerabilities
CVE-2022-38639 Vulnerability in npm package markdown-nice
CVE-2023-37959 Vulnerability in maven package org.jenkins-ci.plugins:sumologic-publisher
CVE-2023-5571 Vulnerability in npm package @vrite/sdk
CVE-2020-7707 Vulnerability in npm package property-expr
CVE-2022-24289 Vulnerability in maven package org.apache.cayenne:cayenne-server