History: May 02, 2024 - 2:15 p.m.

CVE-2024-34147

2024-05-02 14:15:10
CWE-522
jenkins
web.nvd.nist.gov
Tags: cve-2024-34147, jenkins, telegram bot, plugin, vulnerability, unencrypted, token, global configuration, file, jenkins controller, file system

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score: 6.6
Confidence: High

EPSS: 0
Percentile: 9.0%

Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

CNA Affected

[
  {
    "vendor": "Jenkins Project",
    "product": "Jenkins Telegram Bot Plugin",
    "versions": [
      {
        "version": "0",
        "versionType": "maven",
        "lessThanOrEqual": "1.4.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]
