Description
Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-959
Related Vulnerabilities
CVE-2019-10367 Vulnerability in maven package io.jenkins:configuration-as-code
CVE-2022-29214 Vulnerability in npm package next-auth
CVE-2019-15488 Vulnerability in maven package org.igniterealtime.openfire:xmppserver
CVE-2021-21345 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2023-46122 Vulnerability in maven package org.scala-sbt:sbt