Description
Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1561
http://www.openwall.com/lists/oss-security/2019/09/25/3
Related Vulnerabilities
CVE-2023-1784 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-parent
CVE-2020-2160 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2021-33041 Vulnerability in npm package vmd
CVE-2018-1000186 Vulnerability in maven package org.jenkins-ci.plugins:ghprb
CVE-2023-35145 Vulnerability in maven package org.jenkins-ci.plugins:sonargraph-integration