Description
Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2160
Related Vulnerabilities
CVE-2018-10237 Vulnerability in maven package com.google.guava:guava
CVE-2021-21603 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2018-7307 Vulnerability in maven package org.webjars.npm:auth0-js
CVE-2014-0054 Vulnerability in maven package org.springframework:spring-web
CVE-2016-5398 Vulnerability in maven package org.jbpm:jbpm-designer-client