Description
The Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master, where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1059