Description
Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1877
Related Vulnerabilities
CVE-2022-22965 Vulnerability in maven package org.springframework:spring-webflux
CVE-2022-31692 Vulnerability in maven package org.springframework.security:spring-security-web
CVE-2023-30519 Vulnerability in maven package org.jenkins-ci.plugins:quayio-trigger
CVE-2012-0391 Vulnerability in maven package org.apache.struts.xwork:xwork-core
CVE-2010-1632 Vulnerability in maven package org.apache.axis2:axis2