Description
Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/08/07/1
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-591
Related Vulnerabilities
CVE-2019-0214 Vulnerability in maven package org.apache.archiva:archiva
CVE-2023-45133 Vulnerability in maven package org.webjars.npm:babel-traverse
CVE-2019-10335 Vulnerability in maven package org.jenkins-ci.plugins:electricflow
CVE-2023-28935 Vulnerability in maven package org.apache.uima:uima-ducc-parent
CVE-2019-10425 Vulnerability in maven package org.jvnet.hudson.plugins:gcal