Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1mbXE5LXI0cDItODI3Ms4AAu-R
API token stored in plain text by Jenkins CONS3RT Plugin
Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml
files on the Jenkins controller as part of its configuration.
This API token can be viewed by users with access to the Jenkins controller file system.
Permalink: https://github.com/advisories/GHSA-fmq9-r4p2-8272JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mbXE5LXI0cDItODI3Ms4AAu-R
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 3.3
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-fmq9-r4p2-8272, CVE-2022-41255
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-41255
- https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2759
- http://www.openwall.com/lists/oss-security/2022/09/21/5
- https://github.com/advisories/GHSA-fmq9-r4p2-8272
Affected Packages
maven:org.jenkins-ci.plugins:cons3rt
Affected Version Ranges: <= 1.0.0No known fixed version