Description
Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master, where they can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1551
http://www.openwall.com/lists/oss-security/2019/09/25/3