Description
Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1043
http://www.securityfocus.com/bid/107790
http://www.openwall.com/lists/oss-security/2019/04/12/2
Related Vulnerabilities
CVE-2015-0254 Vulnerability in maven package jstl:jstl
CVE-2023-43794 Vulnerability in npm package nocodb
CVE-2023-49377 Vulnerability in maven package com.jfinal:jfinal
CVE-2021-43859 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2022-25873 Vulnerability in maven package org.webjars.npm:vuetify