Description
Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/08/07/1
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-591
Related Vulnerabilities
CVE-2019-16541 Vulnerability in maven package org.jenkins-ci.plugins:jira
CVE-2021-27906 Vulnerability in maven package org.apache.pdfbox:pdfbox
CVE-2023-43666 Vulnerability in maven package org.apache.inlong:manager-web
CVE-2019-1003082 Vulnerability in maven package org.jenkins-ci.plugins:gearman-plugin
CVE-2021-43306 Vulnerability in maven package org.webjars.bower:jquery-validation