Description
Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller, where they can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2055
Related Vulnerabilities
CVE-2019-1003005 Vulnerability in maven package org.jenkins-ci.plugins:script-security
CVE-2023-25813 Vulnerability in npm package sequelize
CVE-2010-1244 Vulnerability in maven package org.apache.activemq:activemq-web
CVE-2022-4137 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2020-7019 Vulnerability in maven package org.elasticsearch.plugin:x-pack