Description
Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1061
Related Vulnerabilities
CVE-2019-10323 Vulnerability in maven package org.jenkins-ci.plugins:artifactory
CVE-2021-29441 Vulnerability in maven package com.alibaba.nacos:nacos-common
CVE-2019-17573 Vulnerability in maven package org.apache.cxf:cxf-rt-transports-http
CVE-2022-37258 Vulnerability in npm package steal
CVE-2017-12612 Vulnerability in maven package org.apache.spark:spark-core_2.11