Description
Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1435
http://www.openwall.com/lists/oss-security/2019/07/31/1
https://www.zerodayinitiative.com/advisories/ZDI-19-835/
Related Vulnerabilities
CVE-2014-7810 Vulnerability in maven package org.apache.tomcat:tomcat-el-api
CVE-2022-23437 Vulnerability in maven package xerces:xercesimpl
CVE-2022-42130 Vulnerability in maven package com.liferay:com.liferay.dynamic.data.mapping.service
CVE-2023-33544 Vulnerability in maven package io.hawt:hawtio-system
CVE-2022-42127 Vulnerability in maven package com.liferay:com.liferay.friendly.url.web