CVE-2022-34801

LOW3.3EPSS 0.21%

Cleartext Storage of Sensitive Information in Jenkins Build Notifications Plugin

Published: 7/1/2022Modified: 2/16/2024

Description

Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Affected packages (1)

Maven/tools.devnull:build-notificationsfrom 0, <= 1.5.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	LOW3.3	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-34801
PATCHhttps://github.com/jenkinsci/build-notifications-plugin
WEBhttps://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056