Description
Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2088
Related Vulnerabilities
CVE-2022-39251 Vulnerability in npm package matrix-js-sdk
CVE-2010-4207 Vulnerability in maven package org.webjars:yui
CVE-2020-13933 Vulnerability in maven package org.apache.shiro:shiro-web
CVE-2017-15703 Vulnerability in maven package org.apache.nifi:nifi-authorizer
CVE-2017-5929 Vulnerability in maven package ch.qos.logback:logback-access