Description
Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/07/31/1
https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1435
https://www.zerodayinitiative.com/advisories/ZDI-19-835/
Related Vulnerabilities
CVE-2020-25638 Vulnerability in maven package org.hibernate:hibernate-core
CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty.http2:http2-hpack
CVE-2020-12648 Vulnerability in maven package org.webjars.bower:tinymce
CVE-2019-13235 Vulnerability in maven package org.opencms:opencms-core
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http_2.12