Description
Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2083
Related Vulnerabilities
CVE-2020-2110 Vulnerability in maven package org.jenkins-ci.plugins:script-security
CVE-2018-1000190 Vulnerability in maven package com.blackducksoftware.integration:blackduck-hub
CVE-2023-30843 Vulnerability in npm package payload
CVE-2017-7561 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxrs
CVE-2012-5885 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core