logo

Database

Non-encrypted confidential information In org.jenkins-ci.plugins:github-pr-coverage-status

Description

Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2023-244422. NVD-2023-244423. OSV-2023-244424. GCVE-2023-24442

References

1. https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2767

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.