CVE-2024-34147

May 2, 2024, 6 p.m.

None
No Score

Description

Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Product(s) Impacted

Product Versions
Jenkins Telegram Bot Plugin
  • 1.4.0 and earlier

Weaknesses

References

http://www.openwall.com/lists/oss-security/2024/05/02/3
https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3294

Tags

2024-05-02
jenkinsci-cert@googlegroups.com
CVE-2024-34147

Date

  • Published: May 2, 2024, 2:15 p.m.
  • Last Modified: May 2, 2024, 6 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

jenkinsci-cert@googlegroups.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.