CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
22.0%
BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file BigpandaGlobalNotifier.xml
on the Jenkins controller as part of its configuration. This API key can be viewed by users with access to the Jenkins controller file system. Additionally, the global configuration form does not mask the API key, increasing the potential for attackers to observe and capture it.
Vendor | Product | Version | CPE |
---|---|---|---|
org.jenkins-ci.plugins | bigpanda-jenkins | * | cpe:2.3:a:org.jenkins-ci.plugins:bigpanda-jenkins:*:*:*:*:*:*:*:* |