Description
Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-832
Related Vulnerabilities
CVE-2023-40346 Vulnerability in maven package io.jenkins.plugins:shortcut-job
CVE-2020-2292 Vulnerability in maven package org.jenkins-ci.plugins:release
CVE-2023-22893 Vulnerability in npm package @strapi/plugin-users-permissions
CVE-2019-10314 Vulnerability in maven package org.jenkins-ci.plugins:koji
CVE-2022-36010 Vulnerability in npm package react-editable-json-tree