Description
Jenkins CONS3RT Plugin 1.0.0 and earlier stores the Cons3rt API token unencrypted in job config.xml files on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2759
http://www.openwall.com/lists/oss-security/2022/09/21/5