CVE-2022-34803: 
Java vulnerability analysis and mitigation

CVE-2022-34803 is a security vulnerability affecting the Jenkins OpsGenie Plugin versions 1.9 and earlier, discovered and reported by github.com/jetersen. The vulnerability was disclosed on June 30, 2022, and is identified as SECURITY-1877 in Jenkins security tracking. The issue relates to the insecure storage of API keys in the plugin's configuration (Jenkins Advisory).

The vulnerability has been assigned a Medium severity (CVSS) rating. The technical issue involves the storage of API keys in unencrypted format in two locations: the global configuration file (com.opsgenie.integration.jenkins.OpsGenieNotifier.xml) and job config.xml files on the Jenkins controller. Additionally, these API keys are transmitted in plain text during configuration form submissions (Jenkins Advisory).

The exposure of API keys can be accessed by users with Item/Extended Read permission (for job config.xml files) or by anyone with access to the Jenkins controller file system (for both global and job configurations). This could potentially lead to unauthorized access to OpsGenie services and compromise of related operations (Jenkins Advisory).

As of the advisory publication date, no fix was available for this vulnerability in the OpsGenie Plugin. Users should implement additional access controls to limit file system access and carefully manage Item/Extended Read permissions until a patch is released (Jenkins Advisory).