Description
Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056
Related Vulnerabilities
CVE-2018-17246 Vulnerability in npm package kibana
CVE-2019-10199 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2020-11989 Vulnerability in maven package org.apache.shiro:shiro-web
CVE-2012-3536 Vulnerability in maven package org.apache.james.hupa:hupa-server
CVE-2019-10076 Vulnerability in maven package org.apache.jspwiki:jspwiki-war