CVE-2022-34801: Cleartext Storage of Sensitive Information in Executable

July 1, 2022 (updated July 12, 2022)

Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

References

github.com/advisories/GHSA-7298-w54j-q7wm
nvd.nist.gov/vuln/detail/CVE-2022-34801
www.jenkins.io/security/advisory/2022-06-30/

Code Behaviors & Features

Detect and mitigate CVE-2022-34801 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →