Description
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
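An added example (not from the advisory or the plugin) of auditing a Jenkins XML configuration file for this class of issue: it flags credential-like fields whose value lacks the `{base64}` envelope Jenkins writes for fields stored as `hudson.util.Secret`. The element names, sample values and the name-matching heuristic are assumptions made for the example.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Element names that usually hold credentials (heuristic, assumed for this example).
SENSITIVE = re.compile(r"(api.?key|token|secret|password)", re.IGNORECASE)
# hudson.util.Secret serialises encrypted values as "{<base64>}".
WRAPPED = re.compile(r"^\{([A-Za-z0-9+/]+={0,2})\}$")
# Jenkins writes an XML 1.1 declaration; drop it so the parser need not support 1.1.
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")

def is_encrypted(value: str) -> bool:
    """True if value has the {base64} envelope Jenkins uses for Secret fields."""
    m = WRAPPED.match(value.strip())
    if not m:
        return False
    try:
        base64.b64decode(m.group(1), validate=True)
        return True
    except ValueError:
        return False

def find_plaintext_secrets(xml_text: str):
    """Return (element path, masked value) for sensitive fields stored in clear."""
    findings = []

    def walk(node, path):
        here = f"{path}/{node.tag}"
        text = (node.text or "").strip()
        if SENSITIVE.search(node.tag) and text and not is_encrypted(text):
            # Mask the value so the audit output does not leak the credential.
            findings.append((here, text[:2] + "*" * (len(text) - 2)))
        for child in node:
            walk(child, here)

    walk(ET.fromstring(XML_DECL.sub("", xml_text, count=1)), "")
    return findings

# Constructed sample: element names and values are hypothetical, not the plugin's own.
SAMPLE_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<examplePluginGlobalConfig>
  <endpoint>https://example.invalid/api</endpoint>
  <apiKey>0123456789abcdef</apiKey>
  <backupToken>{AQAAABAAAAAQq83vEjRWeJCrze8SNFZ4kA==}</backupToken>
</examplePluginGlobalConfig>"""

if __name__ == "__main__":
    for path, masked in find_plaintext_secrets(SAMPLE_CONFIG):
        print(f"plaintext credential at {path}: {masked}")
```

The envelope check only shows that a value is not stored in clear; it does not prove the value decrypts with the controller's key.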
Remediation
References
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243