Description
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243
Related Vulnerabilities
CVE-2020-1936 Vulnerability in maven package org.apache.ambari:ambari-web
CVE-2015-0886 Vulnerability in maven package org.mindrot:jbcrypt
CVE-2019-1003099 Vulnerability in maven package org.jenkins-ci.plugins:openid
CVE-2015-2582 Vulnerability in maven package org.keycloak:keycloak-saml-core
CVE-2023-37964 Vulnerability in maven package org.jenkins-ci.plugins:elasticbox