Jenkins Build Notifications Plugin: Plain Text Transmission of Tokens in Global Configuration Form

Jenkins Build Notifications Plugin: Plain Text Transmission of Tokens in Global Configuration Form

CVE-2022-34801 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Learn more about our Web Application Penetration Testing UK.