CVE-2022-34801 – tools.devnull:build-notifications

Package

Manager: maven
Name: tools.devnull:build-notifications
Vulnerable Version: >=0 <=1.5.0

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00444 pctl0.62496

Details

Cleartext Storage of Sensitive Information in Jenkins Build Notifications Plugin Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Metadata

Created: 2022-07-01T00:01:07Z
Modified: 2022-12-09T04:57:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-7298-w54j-q7wm/GHSA-7298-w54j-q7wm.json
CWE IDs: ["CWE-318", "CWE-319"]
Alternative ID: GHSA-7298-w54j-q7wm
Finding: F017
Auto approve: 1