Description
Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master, where they can be viewed by users with Extended Read permission or with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/10/16/6
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1431