Description
Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2156
Related Vulnerabilities
CVE-2020-2262 Vulnerability in maven package org.jenkins-ci.plugins:android-lint
CVE-2020-16044 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-50730 Vulnerability in maven package edu.gemini:gsp-graphql-core_native0.4_3
CVE-2018-1317 Vulnerability in maven package org.apache.zeppelin:zeppelin