Description
Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-09-25/#SECURTIY-1541
http://www.openwall.com/lists/oss-security/2019/09/25/3
Related Vulnerabilities
CVE-2019-16572 Vulnerability in maven package org.jenkins-ci.plugins:weibo
CVE-2022-0087 Vulnerability in npm package @keystone-6/auth
CVE-2020-6427 Vulnerability in maven package org.webjars.npm:electron
CVE-2021-25916 Vulnerability in npm package patchmerge
CVE-2019-10241 Vulnerability in maven package org.eclipse.jetty:jetty-server