GHSA-vwfv-qpw8-83c7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vwfv-qpw8-83c7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vwfv-qpw8-83c7/GHSA-vwfv-qpw8-83c7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vwfv-qpw8-83c7
- Aliases
- Published
- 2022-05-24T17:30:19Z
- Modified
- 2024-02-16T08:24:53.877452Z
- Severity
-
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Access token stored in plain text by Jenkins SMS Notification Plugin
- Details
-
Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file
com.hoiio.jenkins.plugin.SMSNotification.xmlon the Jenkins controller as part of its configuration.This access token can be viewed by users with access to the Jenkins controller file system.
- Database specific
{ "nvd_published_at": "2020-10-08T13:15:00Z", "cwe_ids": [ "CWE-522" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2022-12-21T18:51:51Z" }- References
Affected packages
Maven / com.hoiio.jenkins:sms
Package
- Name
- com.hoiio.jenkins:sms
- View open source insights on deps.dev
- Purl
- pkg:maven/com.hoiio.jenkins/sms