An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1mbXE5LXI0cDItODI3Ms4AAu-R

API token stored in plain text by Jenkins CONS3RT Plugin

Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller as part of its configuration.

This API token can be viewed by users with access to the Jenkins controller file system.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 1 year ago
Updated: 5 months ago

CVSS Score: 3.3
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-fmq9-r4p2-8272, CVE-2022-41255

Affected Packages

Versions: <= 1.0.0
No known fixed version