Description
Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056
Related Vulnerabilities
CVE-2023-33962 Vulnerability in maven package io.jstach:jstachio
CVE-2023-46660 Vulnerability in maven package org.jenkins-ci.plugins:zanata
CVE-2023-24998 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-25765 Vulnerability in maven package org.jenkins-ci.plugins:email-ext