Description

Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Remediation

References

https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2055

Related Vulnerabilities

CVE-2022-45385 Vulnerability in maven package org.jenkins-ci.plugins:dockerhub-notification

CVE-2023-30532 Vulnerability in maven package org.jenkinsci.plugins.spoonscript:spoonscript

CVE-2014-0119 Vulnerability in maven package org.apache.tomcat:tomcat-jasper

CVE-2014-3679 Vulnerability in maven package org.jvnet.hudson.plugins:monitoring

CVE-2022-47551 Vulnerability in maven package io.apiman:apiman-manager-api-rest-impl

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory