Description
Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2992
http://www.openwall.com/lists/oss-security/2023/04/13/3