Description
Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1627
http://www.openwall.com/lists/oss-security/2020/07/02/7
Related Vulnerabilities
CVE-2023-45818 Vulnerability in maven package org.webjars.npm:tinymce
CVE-2019-8331 Vulnerability in maven package org.webjars.bowergithub.angular-ui:bootstrap
CVE-2022-36083 Vulnerability in npm package jose-node-esm-runtime
CVE-2021-44791 Vulnerability in maven package org.apache.druid:druid
CVE-2023-24455 Vulnerability in maven package io.jenkins.plugins:visualexpert