2 matches found
CVE-2019-10459
CVE-2019-10459 affects Jenkins Mattermost Notification Plugin ≤ 2.7.0. The vulnerability stems from webhook URLs containing a secret token being stored unencrypted in the plugin’s global configuration and in job config.xml on the Jenkins master, enabling disclosure by users with Extended Read per...
CVE-2019-10459
Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...