Description
Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller, where they can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2088
Related Vulnerabilities
CVE-2023-28680 Vulnerability in maven package org.jenkins-ci.plugins:crap4j
CVE-2020-2155 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer
CVE-2008-5515 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2022-2191 Vulnerability in maven package org.eclipse.jetty:jetty-server
CVE-2019-20343 Vulnerability in maven package org.codehaus.mojo:exec-maven-plugin