CVE-2022-28135

Summary

Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins instant-messaging Pluginunspecified <= 1.41affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References