Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03Mjk4LXc1NGotcTd3bc4AAtEC
Cleartext Storage of Sensitive Information in Jenkins Build Notifications Plugin
Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
Permalink: https://github.com/advisories/GHSA-7298-w54j-q7wm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03Mjk4LXc1NGotcTd3bc4AAtEC
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: 5 months ago
CVSS Score: 3.3
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-7298-w54j-q7wm, CVE-2022-34801
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-34801
- https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056
- https://github.com/advisories/GHSA-7298-w54j-q7wm
Affected Packages
maven:tools.devnull:build-notifications
Affected Version Ranges: <= 1.5.0
No known fixed version