Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-34147

May 2, 2024, 6 p.m.

Product(s) Impacted

Jenkins Telegram Bot Plugin

  • 1.4.0 and earlier

Description

Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Weaknesses

Date

Published: May 2, 2024, 2:15 p.m.

Last Modified: May 2, 2024, 6 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

jenkinsci-cert@googlegroups.com

References

http://www.openwall.com/ jenkinsci-cert@googlegroups.com

https://www.jenkins.io/ jenkinsci-cert@googlegroups.com