Description
Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
Remediation
References
https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1625
http://www.openwall.com/lists/oss-security/2020/09/01/3
Related Vulnerabilities
CVE-2023-33938 Vulnerability in maven package com.liferay.portal:release.portal.bom
CVE-2022-34783 Vulnerability in maven package org.jenkins-ci.plugins:plot
CVE-2021-39154 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2020-1718 Vulnerability in maven package org.keycloak:keycloak-parent
CVE-2019-1003034 Vulnerability in maven package org.jenkins-ci.plugins:job-dsl