Description
Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system.
Remediation
References
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1596
http://www.openwall.com/lists/oss-security/2020/03/09/1
Related Vulnerabilities
CVE-2023-34055 Vulnerability in maven package org.springframework.boot:spring-boot-actuator
CVE-2022-24898 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml
CVE-2019-12421 Vulnerability in maven package org.apache.nifi:nifi-nar-bundles
CVE-2022-45378 Vulnerability in maven package soap:soap
CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core