Description
Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master, where they can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1575
http://www.openwall.com/lists/oss-security/2019/09/25/3
Related Vulnerabilities
CVE-2022-34158 Vulnerability in maven package org.apache.jspwiki:jspwiki-war
CVE-2023-50730 Vulnerability in maven package org.typelevel:grackle-core_sjs1_2.13
CVE-2022-24429 Vulnerability in npm package convert-svg-core
CVE-2023-48238 Vulnerability in npm package json-web-token
CVE-2021-21618 Vulnerability in maven package org.jenkins-ci.plugins:repository-connector