GHSA-7298-w54j-q7wm

Suggest an improvement
Source
https://github.com/advisories/GHSA-7298-w54j-q7wm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-7298-w54j-q7wm/GHSA-7298-w54j-q7wm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-7298-w54j-q7wm
Aliases
  • CVE-2022-34801
Published
2022-07-01T00:01:07Z
Modified
2024-02-16T08:07:24.779595Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Cleartext Storage of Sensitive Information in Jenkins Build Notifications Plugin
Details

Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Database specific 
{
    "cwe_ids": [
        "CWE-318",
        "CWE-319"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-12T21:25:20Z",
    "nvd_published_at": "2022-06-30T18:15:00Z",
    "severity": "LOW"
}
References

Affected packages

Maven / tools.devnull:build-notifications

Package

Name
tools.devnull:build-notifications
View open source insights on deps.dev
Purl
pkg:maven/tools.devnull/build-notifications

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.5.0

Affected versions

1.*
1.4.2
1.4.3
1.5.0

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-7298-w54j-q7wm/GHSA-7298-w54j-q7wm.json"