Required CVE Record Information
Description
Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 2 Total
- https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1506 x_transferred
- openwall.com: [oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins mailing-listx_transferred