CVE-2024-34147

May 2, 2024, 6 p.m.

Tags

2024-05-02
jenkinsci-cert@googlegroups.com
CVE-2024-34147

Product(s) Impacted

Jenkins Telegram Bot Plugin

  • 1.4.0 and earlier

Description

Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Weaknesses

Date

Published: May 2, 2024, 2:15 p.m.

Last Modified: May 2, 2024, 6 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

jenkinsci-cert@googlegroups.com

References

http://www.openwall.com/lists/oss-security/2024/05/02/3
jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3294
jenkinsci-cert@googlegroups.com