GHSA-wppp-xqfv-6cm7

Source

https://github.com/advisories/GHSA-wppp-xqfv-6cm7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-wppp-xqfv-6cm7/GHSA-wppp-xqfv-6cm7.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-wppp-xqfv-6cm7

Aliases

CVE-2022-34808

Published

2022-07-01T00:01:08Z

Modified

2023-11-08T04:09:48.349382Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Token stored in plain text by Jenkins Cisco Spark Plugin

Details

Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file org.jenkinsci.plugins.spark.SparkNotifier.xml on the Jenkins controller as part of its configuration. These bearer tokens can be viewed by users with access to the Jenkins controller file system.

Database specific

{
    "nvd_published_at": "2022-06-30T18:15:00Z",
    "github_reviewed_at": "2022-07-12T18:18:41Z",
    "severity": "LOW",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-522"
    ]
}

References

Affected packages

Maven / org.jenkins-ci.plugins:cisco-spark

Package

Name: org.jenkins-ci.plugins:cisco-spark; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/cisco-spark

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.1.1

Affected versions

1.*

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.1.0

1.1.1