Description
Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/08/07/1
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-591
Related Vulnerabilities
CVE-2022-39299 Vulnerability in npm package @node-saml/passport-saml
CVE-2023-39410 Vulnerability in maven package org.apache.avro:avro
CVE-2023-5217 Vulnerability in npm package electron
CVE-2022-25168 Vulnerability in maven package org.apache.hadoop:hadoop-common
CVE-2020-1948 Vulnerability in maven package org.apache.dubbo:dubbo-rpc