Description
Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1093
http://www.securityfocus.com/bid/107790
http://www.openwall.com/lists/oss-security/2019/04/12/2
Related Vulnerabilities
CVE-2022-39312 Vulnerability in maven package io.dataease:dataease-plugin-common
CVE-2018-1000136 Vulnerability in maven package org.webjars.npm:electron
CVE-2017-7957 Vulnerability in maven package org.hudsonci.tools:xstream
CVE-2023-4759 Vulnerability in maven package org.eclipse.jgit:org.eclipse.jgit
CVE-2023-34189 Vulnerability in maven package org.apache.inlong:manager-service