Description
Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1686
http://www.openwall.com/lists/oss-security/2020/07/02/7
Related Vulnerabilities
CVE-2023-34468 Vulnerability in maven package org.apache.nifi:nifi-hikari-dbcp-service
CVE-2016-0779 Vulnerability in maven package org.apache.tomee:arquillian-tomee-common
CVE-2020-1714 Vulnerability in maven package org.keycloak:keycloak-common
CVE-2021-39232 Vulnerability in maven package org.apache.ozone:ozone-main
CVE-2013-2071 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core