CVE-2022-41247

Insufficiently Protected Credentials in maven/org.jenkins-ci.plugins/bigpanda-jenkins

Identifiers

GHSA-j7xv-fc46-hgpg, CVE-2022-41247

Package Slug

maven/org.jenkins-ci.plugins/bigpanda-jenkins

Vulnerability

Insufficiently Protected Credentials

Description

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Affected Versions

All versions up to 1.4.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-09-27

source