Description

Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure.

Remediation

References

https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1877

Related Vulnerabilities

CVE-2022-22984 Vulnerability in npm package snyk

CVE-2018-1199 Vulnerability in maven package org.springframework.security:spring-security-config

CVE-2023-30541 Vulnerability in npm package @openzeppelin/contracts

CVE-2015-0226 Vulnerability in maven package org.apache.ws.security:wss4j

CVE-2018-11775 Vulnerability in maven package org.apache.activemq:activemq-core

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory