Description
Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/09/21/5
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2759
Related Vulnerabilities
CVE-2022-20612 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2021-3223 Vulnerability in npm package node-red-dashboard
CVE-2020-7647 Vulnerability in maven package org.jooby:jooby
CVE-2021-32828 Vulnerability in maven package org.nuxeo.ecm.platform:nuxeo-platform-oauth
CVE-2019-10329 Vulnerability in maven package org.jenkins-ci.plugins:influxdb