VDB
CVE-2024-34147
CVE-2024-34147
PUBLISHED
Es besteht eine Schwachstelle in Jenkins. Dieser Fehler besteht im Telegram Bot Plugin, da unverschlüsselte Token in der globalen Konfigurationsdatei gespeichert werden. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.
EPSS 0.10% · 27.3th percentile
Risk Scores
EPSS Score
0.10%
27.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux | |
| Jenkins | Jenkins Jenkins Telegram Bot Plugin <=1.4.0 |
Exploit Intelligence
Timeline
- May 2, 2024 CVE Published
- May 3, 2024 CVE Updated
- May 3, 2024 EPSS Score
- May 27, 2024 EPSS Score
- Jun 22, 2024 EPSS Score
- Jul 16, 2024 EPSS Score
- Aug 9, 2024 EPSS Score
- Sep 3, 2024 EPSS Score
- Sep 27, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 21, 2024 EPSS Score
- Nov 14, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1018.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1018 advisory
- https://www.jenkins.io/security/advisory/2024-05-02/ advisory
- https://access.redhat.com/errata/RHSA-2024:3634 advisory
- https://access.redhat.com/errata/RHSA-2024:3636 advisory
- https://access.redhat.com/errata/RHSA-2024:4597 advisory
- https://access.redhat.com/errata/RHSA-2024:8886 advisory