Jenkins Stack Hammer Plugin API Key Storage Vulnerability

Vulnerability

Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller as part of its job configuration. Because the value is not wrapped in Jenkins' encrypted Secret form, anyone who can read a job's config.xml can read the key: users with Item/Extended Read permission (which allows fetching a job's config.xml over HTTP) and anyone with access to the controller's file system.

Impact

Anyone who obtains an exposed key can act against the Stack Hammer service with whatever permissions that key carries, so the impact is bounded only by what the key is authorized to do. Keys that may have been read by unauthorized users should be treated as compromised and rotated, and grants of Item/Extended Read and file-system access to the controller should be reviewed.
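The following audit script is an added example, not part of this advisory or of the Stack Hammer plugin. It walks a Jenkins home directory, parses each job's config.xml, and flags credential-looking elements whose value is not in the form Jenkins' hudson.util.Secret writes when a value is encrypted (base64 wrapped in braces, e.g. {AQAAABAAAA...}). The element name apiKey and the builder class name in the constructed sample are assumptions about how a plugin might store its key; the real Stack Hammer element names may differ, so adjust SENSITIVE_NAME to your plugin's config before relying on the output.

```python
"""Scan Jenkins job config.xml files for secrets stored unencrypted.

Added example (not the advisory's or the plugin's own code). A value written
through hudson.util.Secret appears in config.xml as "{<base64>}"; anything
else in a credential-named element is plaintext on disk and readable by
anyone with Item/Extended Read or controller file-system access.
"""
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Element names that commonly hold credentials in plugin job configuration.
# Extend this for the specific plugin being audited (assumption: names vary).
SENSITIVE_NAME = re.compile(
    r"(apikey|api_key|token|secret|password|passwd|credential)", re.I
)

# hudson.util.Secret serializes encrypted values as "{" + base64 + "}".
ENCRYPTED_SECRET = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")


def find_plaintext_secrets(xml_text):
    """Return [(element_path, value)] for credential-named elements whose
    text is not in Jenkins' encrypted Secret form."""
    root = ET.fromstring(xml_text)
    findings = []

    def walk(elem, path):
        text = (elem.text or "").strip()
        if text and SENSITIVE_NAME.search(elem.tag) and not ENCRYPTED_SECRET.match(text):
            findings.append((path, text))
        for child in elem:
            walk(child, f"{path}/{child.tag}")

    walk(root, root.tag)
    return findings


def scan_jobs(jenkins_home):
    """Walk $JENKINS_HOME/jobs/**/config.xml (folders nest under jobs/ too)
    and return {file_path: findings} for every file with at least one hit."""
    results = {}
    for cfg in Path(jenkins_home).glob("jobs/**/config.xml"):
        hits = find_plaintext_secrets(cfg.read_text(encoding="utf-8"))
        if hits:
            results[str(cfg)] = hits
    return results


# Constructed sample config.xml (not a real job, element names assumed):
# one plaintext key next to one value in Jenkins' encrypted Secret form.
SAMPLE_CONFIG = """<?xml version='1.0' encoding='UTF-8'?>
<project>
  <builders>
    <com.example.StackHammerBuilder>
      <apiKey>sh_live_0123456789abcdef</apiKey>
      <stack>prod-web</stack>
    </com.example.StackHammerBuilder>
    <com.example.OtherBuilder>
      <apiToken>{AQAAABAAAAAQZm9vYmFyYmF6cXV4MTIzNDU2Nzg5MA==}</apiToken>
    </com.example.OtherBuilder>
  </builders>
</project>
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python scan.py /var/lib/jenkins
        for path, hits in scan_jobs(sys.argv[1]).items():
            for elem_path, value in hits:
                print(f"{path}: {elem_path} = {value[:6]}...")
    else:
        for elem_path, value in find_plaintext_secrets(SAMPLE_CONFIG):
            print(f"plaintext secret at {elem_path}: {value[:6]}...")
```

Run it against the controller's JENKINS_HOME as the Jenkins user; it only prints the first few characters of each hit so the audit log does not itself become a copy of the keys. Every hit is a key that should be rotated after the storage is fixed, since the value has already been sitting in plaintext and in any backups of the job directory.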

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM