Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1mbXE5LXI0cDItODI3Ms4AAu-R

API token stored in plain text by Jenkins CONS3RT Plugin

Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller as part of its configuration.

This API token can be viewed by users with access to the Jenkins controller file system.

Permalink: https://github.com/advisories/GHSA-fmq9-r4p2-8272
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mbXE5LXI0cDItODI3Ms4AAu-R
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 1 year ago
Updated: 10 months ago

CVSS Score: 3.3
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-fmq9-r4p2-8272, CVE-2022-41255
References:

• https://nvd.nist.gov/vuln/detail/CVE-2022-41255
• https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2759
• http://www.openwall.com/lists/oss-security/2022/09/21/5
• https://github.com/advisories/GHSA-fmq9-r4p2-8272

Blast Radius: 1.0

Affected Packages