Description
Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-966
http://www.securityfocus.com/bid/107790
http://www.openwall.com/lists/oss-security/2019/04/12/2
Related Vulnerabilities
CVE-2022-31166 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2022-1274 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2023-31064 Vulnerability in maven package org.apache.inlong:manager-workflow
CVE-2010-2227 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2021-43138 Vulnerability in maven package org.webjars.bowergithub.caolan:async