Description
Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-832
Related Vulnerabilities
CVE-2019-0232 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2022-25647 Vulnerability in maven package com.google.code.gson:gson
CVE-2020-6458 Vulnerability in maven package org.webjars.npm:electron
CVE-2018-11040 Vulnerability in maven package org.springframework:spring-webmvc
CVE-2022-31023 Vulnerability in maven package com.typesafe.play:play_2.13