Description
Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1066
Related Vulnerabilities
CVE-2020-2183 Vulnerability in maven package org.jenkins-ci.plugins:copyartifact
CVE-2020-28480 Vulnerability in maven package org.webjars.npm:jointjs
CVE-2022-25918 Vulnerability in npm package shescape
CVE-2023-40342 Vulnerability in maven package org.jenkins-ci.plugins:flaky-test-handler
CVE-2022-41704 Vulnerability in maven package org.apache.xmlgraphics:batik-bridge