Description
Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-843
Related Vulnerabilities
CVE-2023-43496 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-26156 Vulnerability in maven package org.webjars.npm:chromedriver
CVE-2022-36919 Vulnerability in maven package org.jenkins-ci.plugins:coverity
CVE-2019-25027 Vulnerability in maven package com.vaadin:flow-server
CVE-2021-21293 Vulnerability in maven package org.http4s:blaze-core_2.12