build-publisher stores passwords unencrypted. Anyone with access to the local file system can access credentials to other Jenkins systems. The credentials are also transmitted in plaintext which exposes them to various other attacks.
CPE | Name | Operator | Version |
---|---|---|---|
hudson build-publisher plugin | le | 1.10 |