Description
Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056
Related Vulnerabilities
CVE-2020-2181 Vulnerability in maven package org.jenkins-ci.plugins:credentials-binding
CVE-2022-33980 Vulnerability in maven package org.apache.commons:commons-configuration2
CVE-2014-0109 Vulnerability in maven package org.apache.cxf:cxf-api
CVE-2020-15839 Vulnerability in maven package com.liferay.portal:release.dxp.bom