Description
Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-955
http://www.securityfocus.com/bid/107790
http://www.openwall.com/lists/oss-security/2019/04/12/2
Related Vulnerabilities
CVE-2014-0075 Vulnerability in maven package org.apache.tomcat:coyote
CVE-2022-43431 Vulnerability in maven package com.compuware.jenkins:compuware-strobe-measurement
CVE-2021-43821 Vulnerability in maven package org.opencastproject:opencast-ingest-service-impl
CVE-2022-42127 Vulnerability in maven package com.liferay:com.liferay.friendly.url.web
CVE-2023-50772 Vulnerability in maven package com.zintow:dingding-json-pusher