Description
Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master, where they can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1066
http://www.securityfocus.com/bid/107790
http://www.openwall.com/lists/oss-security/2019/04/12/2