Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
{ "nvd_published_at": "2019-04-04T16:29:00Z", "cwe_ids": [ "CWE-311" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-01-30T21:50:19Z" }