Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
www.openwall.com/lists/oss-security/2022/01/12/6
github.com/jenkinsci/publish-over-ssh-plugin
github.com/jenkinsci/publish-over-ssh-plugin/commit/2b4b9b2dfab5c001669f9a74c0e6078b0a27b928
github.com/jenkinsci/publish-over-ssh-plugin/commit/70b7689bf6fc894f4dc6c0ff34dd72808840760e
github.com/jenkinsci/publish-over-ssh-plugin/releases/tag/publish-over-ssh-1.23
nvd.nist.gov/vuln/detail/CVE-2022-23114
www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291