The vulnerability stems from the Cisco Spark plugin storing its bearer token unencrypted in an XML configuration file. Jenkins plugins typically serialize their configuration with XStream, and the descriptor class's save() method handles persistence. The combination of holding the token as a plain string in memory (via setBearerToken) and serializing it unencrypted (via save()) creates the exposure. These patterns match Jenkins plugin development conventions and the specific file path named in advisories (SparkNotifier.xml).
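The storage pattern described above, as an added example that is not the cisco-spark plugin's own source: the plain String field that XStream writes verbatim is shown commented out beside a hudson.util.Secret field, whose XStream converter persists the value encrypted. The package, class and field names are assumptions; Secret, save() and load() are real Jenkins core APIs.

```java
// Added example, not the plugin's source; package, class and field names are assumed.
package org.example.jenkins.spark;

import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Publisher;
import hudson.util.Secret;
import net.sf.json.JSONObject;
import org.kohsuke.stapler.StaplerRequest;

@Extension
public class SparkNotifierDescriptor extends BuildStepDescriptor<Publisher> {
    // Vulnerable pattern from the description: a plain String field. XStream
    // writes it verbatim, so save() leaves the token readable in the XML:
    //     <bearerToken>PLACEHOLDER_TOKEN</bearerToken>
    // private String bearerToken;

    // Hardened pattern: Secret's XStream converter stores the value encrypted
    // with the instance master key, so the XML holds ciphertext instead:
    //     <bearerToken>{AQAAABAAAA...}</bearerToken>
    private Secret bearerToken;

    public SparkNotifierDescriptor() {
        load(); // reads the XML back; Secret decrypts transparently
    }

    public void setBearerToken(String token) {
        // Wraps plaintext; an already-encrypted string is accepted as-is.
        this.bearerToken = Secret.fromString(token);
    }

    @Override
    public boolean configure(StaplerRequest req, JSONObject json) {
        setBearerToken(json.getString("bearerToken"));
        save(); // persists via XStream, now as ciphertext
        return true;
    }

    @Override
    public boolean isApplicable(Class<? extends AbstractProject> jobType) {
        return true;
    }

    // Decrypt only at the point of use, when building the HTTP header.
    String authorizationHeader() {
        return "Bearer " + Secret.toString(bearerToken);
    }
}
```

To check an existing installation, inspect the value inside the token element of the descriptor XML: a Secret-backed field appears as a `{...}` ciphertext blob, while a plain String field shows the token itself.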
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:cisco-spark | maven | <= 1.1.1 | |