Description
Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2055
Related Vulnerabilities
CVE-2020-13926 Vulnerability in maven package org.apache.kylin:kylin-server
CVE-2023-31453 Vulnerability in maven package org.apache.inlong:manager-web
CVE-2022-34188 Vulnerability in maven package org.jenkins-ci.plugins:hidden-parameter
CVE-2019-10279 Vulnerability in maven package org.jenkins-ci.plugins:jenkins-reviewbot
CVE-2023-24429 Vulnerability in maven package org.jenkins-ci.plugins:semantic-versioning-plugin