CVE-2022-34802: 
Java vulnerability analysis and mitigation

RocketChat Notifier Plugin for Jenkins version 1.5.2 and earlier contains a security vulnerability identified as CVE-2022-34802. The vulnerability was discovered and disclosed on June 30, 2022, affecting the plugin's handling of sensitive information. This vulnerability impacts the Jenkins RocketChat Notifier Plugin's configuration storage mechanism (Jenkins Advisory).

The vulnerability is classified with a Low severity CVSS score. The core issue involves the plugin storing sensitive credentials (login password and webhook token) in an unencrypted format within the global configuration file 'RocketChatNotifier.xml' on the Jenkins controller as part of its configuration (Jenkins Advisory).

The primary impact of this vulnerability is that users with access to the Jenkins controller file system can view the stored secrets (login password and webhook token) in plain text. This exposure of credentials could potentially lead to unauthorized access to RocketChat services integrated with Jenkins (Jenkins Advisory).

As of the advisory's publication date, there was no fix available for this vulnerability. Organizations using the affected versions of the RocketChat Notifier Plugin should implement strict access controls to the Jenkins controller file system to minimize the risk (Jenkins Advisory).

The vulnerability was reported by multiple security researchers: Long Nguyen from Viettel Cyber Security and independently by Son Nguyen (@s0nnguy3n_), and Marc Heyries, demonstrating the security community's active involvement in identifying Jenkins plugin vulnerabilities (Jenkins Advisory).