Description
Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller, where they can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056