Description
Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1040
Related Vulnerabilities
CVE-2020-15096 Vulnerability in maven package org.webjars.npm:electron
CVE-2019-1003075 Vulnerability in maven package org.jenkins-ci.plugins:audit2db
CVE-2019-10782 Vulnerability in maven package com.puppycrawl.tools:checkstyle
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-hadoop-dbcp-service
CVE-2019-10416 Vulnerability in maven package org.jenkins-ci.plugins:violation-comments-to-gitlab