Description
Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1576
http://www.openwall.com/lists/oss-security/2020/07/02/7
Related Vulnerabilities
CVE-2023-36106 Vulnerability in maven package tech.powerjob:powerjob
CVE-2022-25869 Vulnerability in maven package org.webjars.npm:angular
CVE-2023-50775 Vulnerability in maven package org.jenkins-ci.plugins:ec2-deployment-dashboard
CVE-2023-34189 Vulnerability in maven package org.apache.inlong:manager-web
CVE-2021-46365 Vulnerability in maven package info.magnolia:magnolia-core