Description
Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-963
http://www.securityfocus.com/bid/107790
http://www.openwall.com/lists/oss-security/2019/04/12/2
Related Vulnerabilities
CVE-2022-42466 Vulnerability in maven package org.apache.isis.core:isis-applib
CVE-2015-1840 Vulnerability in npm package jquery-ujs
CVE-2023-23638 Vulnerability in maven package org.apache.dubbo:dubbo-common
CVE-2017-7661 Vulnerability in maven package org.apache.cxf.fediz:fediz-oidc
CVE-2023-37582 Vulnerability in maven package org.apache.rocketmq:rocketmq-namesrv