Description
Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056