Description

Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Remediation

References

https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056

Related Vulnerabilities

CVE-2023-35155 Vulnerability in maven package org.xwiki.platform:xwiki-platform-sharepage-api

CVE-2016-2141 Vulnerability in maven package org.jgroups:jgroups

CVE-2023-50732 Vulnerability in maven package org.xwiki.platform:xwiki-platform-index-tree-macro

CVE-2020-14340 Vulnerability in maven package org.jboss.xnio:xnio-nio

CVE-2015-0265 Vulnerability in maven package org.apache.ranger:ranger

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory