Description
Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission (config.xml) or with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1877