Description
Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056
Related Vulnerabilities
CVE-2020-13940 Vulnerability in maven package org.apache.nifi:nifi-bootstrap
CVE-2019-10342 Vulnerability in maven package io.jenkins.docker:docker-plugin
CVE-2019-10170 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2023-31417 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2016-3081 Vulnerability in maven package org.apache.struts.xwork:xwork-core