Lucene search
JenkinsCVELIST:CVE-2020-2297HistoryOct 08, 2020 - 12:40 p.m.
CVE-2020-2297
2020-10-0812:40:29
jenkins
www.cve.org
4
jenkins
sms plugin
access token
unencrypted
global configuration file
file system access
Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
CNA Affected
[
{
"product": "Jenkins SMS Notification Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.2",
"versionType": "custom"
}
]
}
]Related
osv
osv
CVE-2020-2297
2020-10-08 13:15:12
Access token stored in plain text by Jenkins SMS Notification Plugin
2022-05-24 17:30:19
cve
cve
CVE-2020-2297
2020-10-08 13:15:12
nvd
nvd
CVE-2020-2297
2020-10-08 13:15:12
github
github
Access token stored in plain text by Jenkins SMS Notification Plugin
2022-05-24 17:30:19
prion
prion
Design/Logic Flaw
2020-10-08 13:15:00