Description
Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2053
http://www.openwall.com/lists/oss-security/2022/07/27/1
Related Vulnerabilities
CVE-2022-24196 Vulnerability in maven package com.itextpdf:itext7-core
CVE-2010-1157 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2022-41854 Vulnerability in maven package org.yaml:snakeyaml
CVE-2023-37478 Vulnerability in npm package pnpm
CVE-2022-28820 Vulnerability in maven package com.adobe.acs:acs-aem-commons