Description
Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1558
http://www.openwall.com/lists/oss-security/2020/02/12/3
Related Vulnerabilities
CVE-2023-27564 Vulnerability in npm package n8n
CVE-2015-0279 Vulnerability in maven package org.richfaces:richfaces-a4j
CVE-2021-37404 Vulnerability in maven package org.apache.hadoop:hadoop-common
CVE-2023-3990 Vulnerability in maven package net.mingsoft:ms-mcms
CVE-2023-50764 Vulnerability in maven package org.jenkins-ci.plugins:scriptler