Description
Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2057
Related Vulnerabilities
CVE-2015-0264 Vulnerability in maven package org.apache.camel:camel-core
CVE-2021-39239 Vulnerability in maven package org.apache.jena:jena-core
CVE-2022-28220 Vulnerability in maven package org.apache.james:james-server-protocols-imap4
CVE-2021-31406 Vulnerability in maven package com.vaadin:flow-server
CVE-2018-7408 Vulnerability in maven package org.webjars.npm:npm