An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1mbXE5LXI0cDItODI3Ms4AAu-R
API token stored in plain text by Jenkins CONS3RT Plugin
CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job
config.xml files on the Jenkins controller as part of its configuration.
This API token can be viewed by users with access to the Jenkins controller file system.Permalink: https://github.com/advisories/GHSA-fmq9-r4p2-8272
Source: GitHub Advisory Database
Published: 9 months ago
Updated: 4 months ago
CVSS Score: 3.3
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-fmq9-r4p2-8272, CVE-2022-41255
maven:org.jenkins-ci.plugins:cons3rtVersions: <= 1.0.0
No known fixed version