Description
Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1561
http://www.openwall.com/lists/oss-security/2019/09/25/3
Related Vulnerabilities
CVE-2018-19837 Vulnerability in npm package node-sass
CVE-2020-1929 Vulnerability in maven package org.apache.beam:beam-sdks-java-io-mongodb
CVE-2023-35110 Vulnerability in maven package de.grobmeier.json:jjson
CVE-2021-41303 Vulnerability in maven package org.apache.shiro:shiro-core
CVE-2022-24785 Vulnerability in maven package org.webjars.bowergithub.moment:moment