Description
Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master, where they can be viewed by users with Extended Read permission or with access to the master file system.
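One way to audit job config.xml files for this class of issue is shown below. It is an added example, not code from the advisory or the plugin. The element names in the sample and the name heuristic are assumptions; the check relies on Jenkins serializing encrypted `Secret` values as `{<base64>}`.

```python
import re
import xml.etree.ElementTree as ET

# Jenkins writes encrypted hudson.util.Secret values as "{<base64>}".
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Assumed heuristic for secret-bearing element names; tune it per plugin.
SENSITIVE = re.compile(r"(password|passwd|secret|token|api_?key)", re.I)
# Jenkins may write an XML 1.1 declaration, which Python's expat parser rejects.
XML11_DECL = re.compile(r"^(<\?xml\s+version=)(['\"])1\.1\2")


def find_plaintext_secrets(config_xml: str) -> list[str]:
    """Return paths of sensitive-looking elements holding unencrypted text."""
    config_xml = XML11_DECL.sub(r"\g<1>\g<2>1.0\g<2>", config_xml.lstrip(), count=1)
    root = ET.fromstring(config_xml)
    findings: list[str] = []

    def walk(node: ET.Element, path: str) -> None:
        here = f"{path}/{node.tag}"
        text = (node.text or "").strip()
        if SENSITIVE.search(node.tag) and text and not ENCRYPTED.match(text):
            findings.append(here)
        for child in node:
            walk(child, here)

    walk(root, "")
    return findings


# Constructed sample config.xml; the publisher and field names are hypothetical.
SAMPLE = """<?xml version='1.1' encoding='UTF-8'?>
<project>
  <publishers>
    <example.plugin.UploadPublisher>
      <apiKey>0123456789abcdef</apiKey>
      <uploadToken>{AQAAABAAAAAQc2FtcGxlLWNpcGhlcnRleHQ=}</uploadToken>
      <buildName>nightly</buildName>
    </example.plugin.UploadPublisher>
  </publishers>
</project>"""

if __name__ == "__main__":
    for hit in find_plaintext_secrets(SAMPLE):
        print("plaintext secret candidate:", hit)
```

Run it over each `jobs/*/config.xml` under the Jenkins home directory; any hit is a value readable by anyone with Extended Read permission and should be rotated.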
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1044