Description
Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/03/25/2
https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1542%20%282%29
Related Vulnerabilities
CVE-2022-36898 Vulnerability in maven package com.compuware.jenkins:compuware-ispw-operations
CVE-2021-31684 Vulnerability in maven package net.minidev:json-smart
CVE-2022-36100 Vulnerability in maven package org.xwiki.platform:xwiki-platform-tag-ui
CVE-2023-50164 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2022-46870 Vulnerability in maven package org.apache.zeppelin:zeppelin-web