Description
Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1031
Related Vulnerabilities
CVE-2020-28496 Vulnerability in maven package org.webjars.npm:three
CVE-2021-32673 Vulnerability in npm package reg-keygen-git-hash-plugin
CVE-2022-24289 Vulnerability in maven package org.apache.cayenne:cayenne-server
CVE-2021-21348 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2019-16728 Vulnerability in maven package org.webjars.npm:dompurify