Description
Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/09/16/3
https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-2014