Google Calendar Plugin stores a calendar password unencrypted in job config.xml
files on the Jenkins controller. This password can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
As of publication of this advisory, there is no fix.
{ "nvd_published_at": "2019-09-25T16:15:00Z", "github_reviewed_at": "2023-03-01T22:37:31Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-522" ] }