Lucene search
HistoryMay 02, 2024 - 2:15 p.m.
CVE-2024-34147
jenkins
telegram
bot
plugin
unencrypted
token
configuration file
controller
access
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
0.0004 Low
EPSS
Percentile
9.0%
Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Related
osv
osv
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext
2024-05-02 15:30:35
cve
cve
CVE-2024-34147
2024-05-02 14:15:10
cvelist
cvelist
CVE-2024-34147
2024-05-02 13:28:05
github
github
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext
2024-05-02 15:30:35
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2024-05-02)
2024-05-02 00:00:00
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
0.0004 Low
EPSS
Percentile
9.0%
Related for NVD:CVE-2024-34147