[MAVEN:GHSA-VWFV-QPW8-83C7] Access token stored in plain text by Jenkins SMS Notification Plugin
Severity
Low
Affected Packages
1
CVEs
1
Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file com.hoiio.jenkins.plugin.SMSNotification.xml
on the Jenkins controller as part of its configuration.
This access token can be viewed by users with access to the Jenkins controller file system.
Package | Affected Version |
---|---|
pkg:maven/com.hoiio.jenkins/sms | <= 1.2 |
- ID
- MAVEN:GHSA-VWFV-QPW8-83C7
- Severity
- low
- URL
- https://github.com/advisories/GHSA-vwfv-qpw8-83c7
- Published
-
2022-05-24T17:30:19
(2 years ago) - Modified
-
2023-10-27T11:55:21
(10 months ago) - Rights
- Maven Security Team
- Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/com.hoiio.jenkins/sms | com.hoiio.jenkins | sms | <= 1.2 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |