Description
Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-828
http://www.securityfocus.com/bid/107790
http://www.openwall.com/lists/oss-security/2019/04/12/2
Related Vulnerabilities
CVE-2018-1999026 Vulnerability in maven package de.tracetronic.jenkins.plugins:ecutest
CVE-2023-33201 Vulnerability in maven package org.bouncycastle:bcprov-debug-jdk14
CVE-2022-41929 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2015-0250 Vulnerability in maven package batik:batik-dom
CVE-2019-1003021 Vulnerability in maven package org.jenkins-ci.plugins:oic-auth