Description
Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-591
http://www.openwall.com/lists/oss-security/2019/08/07/1
Related Vulnerabilities
CVE-2010-1587 Vulnerability in maven package org.apache.activemq:apache-activemq
CVE-2024-36401 Vulnerability in maven package org.geoserver.web:gs-web-app
CVE-2020-9488 Vulnerability in maven package org.apache.logging.log4j:log4j
CVE-2022-41251 Vulnerability in maven package org.jenkins-ci.plugins:apprenda
CVE-2019-10174 Vulnerability in maven package org.infinispan:infinispan-commons