Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12d2Z2LXFwdzgtODNjN84AAmK3
Access token stored in plain text by Jenkins SMS Notification Plugin
Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file com.hoiio.jenkins.plugin.SMSNotification.xml
on the Jenkins controller as part of its configuration.
This access token can be viewed by users with access to the Jenkins controller file system.
Permalink: https://github.com/advisories/GHSA-vwfv-qpw8-83c7JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12d2Z2LXFwdzgtODNjN84AAmK3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: 6 months ago
CVSS Score: 3.3
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-vwfv-qpw8-83c7, CVE-2020-2297
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-2297
- https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2054
- http://www.openwall.com/lists/oss-security/2020/10/08/5
- https://github.com/advisories/GHSA-vwfv-qpw8-83c7
Affected Packages
maven:com.hoiio.jenkins:sms
Affected Version Ranges: <= 1.2No known fixed version