Description
Jenkins StarTeam Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1085
Related Vulnerabilities
CVE-2012-0881 Vulnerability in maven package xerces:xercesimpl
CVE-2017-12617 Vulnerability in maven package org.apache.tomcat:tomcat-util
CVE-2021-21366 Vulnerability in maven package org.webjars.npm:xmldom
CVE-2022-25354 Vulnerability in npm package set-in
CVE-2022-41854 Vulnerability in maven package org.yaml:snakeyaml