Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
References
Configurations
No configuration.
History
21 Nov 2024, 09:18
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2024/05/02/3 - | |
References | () https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3294 - |
03 Jul 2024, 01:59
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-522 | |
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
02 May 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-02 14:15
Updated : 2024-11-21 09:18
NVD link : CVE-2024-34147
Mitre link : CVE-2024-34147
CVE.ORG link : CVE-2024-34147
JSON object : View
Products Affected
No product.
CWE
CWE-522
Insufficiently Protected Credentials