-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:tfs | maven | <= 5.157.1 |
Miggo AIRoot Cause AnalysisThe vulnerability explicitly states the webhook secret is stored unencrypted in TeamPluginGlobalConfig.xml. Jenkins plugin configurations are typically serialized via XStream, and fields in Java classes like TeamPluginGlobalConfig are directly mapped to XML elements. The presence of a 'webhookSecret' field in this class (without Jenkins' Secret handling or encryption annotations) would explain the plaintext storage. This matches CWE-256/311 patterns where sensitive data isn't encrypted at rest.
JavaJavaKEV Misses 88% of Exploited CVEs- Get the report