Description
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/10/23/2
https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1546
Related Vulnerabilities
CVE-2020-2208 Vulnerability in maven package org.jenkins-ci.plugins:slack-uploader
CVE-2023-44981 Vulnerability in maven package org.apache.zookeeper:zookeeper
CVE-2018-1999024 Vulnerability in maven package org.webjars.npm:mathjax
CVE-2020-26256 Vulnerability in maven package org.webjars.npm:fast-csv