GHSA-pgp9-x83g-v8x8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pgp9-x83g-v8x8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-pgp9-x83g-v8x8/GHSA-pgp9-x83g-v8x8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-pgp9-x83g-v8x8
- Aliases
- Published
- 2022-07-01T00:01:07Z
- Modified
- 2024-02-16T08:15:25.778068Z
- Severity
-
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Plaintext Storage of a Password in Jenkins RocketChat Notifier Plugin
- Details
-
Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file
RocketChatNotifier.xmlon the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. - Database specific
{ "nvd_published_at": "2022-06-30T18:15:00Z", "cwe_ids": [ "CWE-256", "CWE-522" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2022-07-12T21:24:56Z" }- References
Affected packages
Maven / org.jenkins-ci.plugins:rocketchatnotifier
Package
- Name
- org.jenkins-ci.plugins:rocketchatnotifier
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/rocketchatnotifier
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected1.5.2
Affected versions
0.*
0.3.0-alpha
0.3.0
0.3.1-alpha
0.3.1-alpha-2016_12_09_08_25
0.3.1-alpha-2016_12_09_09_29
0.3.1
0.4.0
0.4.1-alpha-2016_12_29_17_33
0.4.1-alpha-2016_12_30_08_23
0.4.1-alpha-2016_12_30_10_10
0.4.1
0.4.4
0.4.5
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
1.*
1.0.1
1.0.3
1.0.4
1.1.0
1.1.1
1.1.2
1.2.0
1.2.1
1.2.3
1.3.0
1.3.1
1.3.2
1.3.3
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.4.10
1.5.0
1.5.1
1.5.2