Description
Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056
Related Vulnerabilities
CVE-2019-10435 Vulnerability in maven package org.jenkins-ci.plugins:vault-scm-plugin
CVE-2015-2944 Vulnerability in maven package org.apache.sling:org.apache.sling.servlets.post
CVE-2016-3086 Vulnerability in maven package org.apache.hadoop:hadoop-common
CVE-2023-29471 Vulnerability in maven package com.typesafe.akka:akka-stream-kafka_2.12
CVE-2018-1067 Vulnerability in maven package io.undertow:undertow-core