Description
Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/09/12/2
https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1545
Related Vulnerabilities
CVE-2019-14900 Vulnerability in maven package org.hibernate:hibernate-core
CVE-2022-46870 Vulnerability in maven package org.apache.zeppelin:zeppelin-web
CVE-2022-0437 Vulnerability in npm package karma
CVE-2021-32660 Vulnerability in npm package techdocs-common
CVE-2022-36906 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer