PT-2022-6642 · Cisco · Jenkins Cisco Spark Plugin

Long Nguyen · Published 2022-06-30 · Updated 2023-11-22 · CVE-2022-34808

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Cisco Spark Plugin versions 1.1.1 and earlier
Description: The plugin stores the Cisco Spark bearer tokens it uses to post notifications unencrypted in its global configuration file org.jenkinsci.plugins.spark.SparkNotifier.xml on the Jenkins controller. Anyone who can read the controller file system, whether a local user, an operator with access to backups or shared storage, or an attacker who has obtained file access through a separate weakness, can recover the tokens and use them against the Cisco Spark API with the rights of the configured account. The CVSS v2 vector above scores the issue as network-reachable information disclosure; in practice the precondition is read access to the controller's files, not merely network access to Jenkins.
Recommendations: As of the last update of this entry there is no information about a release that fixes the issue. Until one is available: if Cisco Spark notifications are not required, remove the bearer tokens from org.jenkinsci.plugins.spark.SparkNotifier.xml or uninstall the plugin, and revoke and reissue any token that may already have been exposed (an administrator cannot encrypt the stored values by hand, since the plugin reads them back as plaintext). Where the plugin must stay in use, restrict read access to the Jenkins controller file system, including $JENKINS_HOME and every backup or copy of it, to the Jenkins service account and administrators, because anyone who can read the file holds the tokens.
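The following added example (not code from the plugin or from this advisory) audits a Jenkins controller for the condition described above: it looks for org.jenkinsci.plugins.spark.SparkNotifier.xml under JENKINS_HOME, flags token-like elements whose value is not stored as a Jenkins-encrypted Secret, and reports whether the file is readable by other local users. The element names in the sample config, the `{...}` heuristic for encrypted Secrets, the room names and the token values are assumptions and constructed data, not taken from the plugin.

```python
"""Audit a Jenkins controller for plaintext Cisco Spark bearer tokens.

Added example, not the plugin's or the advisory's code. Assumptions:
the element names inside SparkNotifier.xml are not documented on the page,
so any element whose tag contains "token" is inspected; a value wrapped in
braces ({base64}) is treated as a Jenkins-encrypted Secret, anything else
as plaintext (legacy-format encrypted values would also be flagged, so the
check is conservative).
"""
import os
import re
import stat
import tempfile
import xml.etree.ElementTree as ET

CONFIG_NAME = "org.jenkinsci.plugins.spark.SparkNotifier.xml"

# Jenkins writes encrypted Secret values as base64 between braces, e.g. {AQAAABAAAAAg...}
ENCRYPTED_SECRET = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")

# Constructed sample config: element names are assumed, token values are fake.
SAMPLE_CONFIG = """<org.jenkinsci.plugins.spark.SparkNotifier_-DescriptorImpl>
  <sparkRooms>
    <room>
      <name>build-alerts</name>
      <roomId>Y2lzY29zcGFyazovL3VzL1JPT00vZmFrZQ</roomId>
      <token>ZmFrZS1iZWFyZXItdG9rZW4tcGxhaW50ZXh0</token>
    </room>
    <room>
      <name>release-room</name>
      <roomId>Y2lzY29zcGFyazovL3VzL1JPT00vZmFrZTI</roomId>
      <token>{AQAAABAAAAAgZmFrZWVuY3J5cHRlZHNlY3JldGJ5dGVzPT09PT09PT0=}</token>
    </room>
  </sparkRooms>
</org.jenkinsci.plugins.spark.SparkNotifier_-DescriptorImpl>
"""


def mask(value):
    """Keep a short prefix so a finding can be matched to a room without re-exposing the token."""
    return value[:4] + "..." + "(%d chars)" % len(value)


def find_plaintext_tokens(xml_text):
    """Return one finding per token-like element that is not stored as an encrypted Secret."""
    root = ET.fromstring(xml_text)
    findings = []
    for parent in root.iter():
        room = parent.findtext("name")  # sibling <name> gives context, if present
        for child in parent:
            if "token" not in child.tag.lower():
                continue
            value = (child.text or "").strip()
            if value and not ENCRYPTED_SECRET.match(value):
                findings.append({"room": room, "tag": child.tag, "value": mask(value)})
    return findings


def file_permission_issues(path):
    """Group- or world-readable config means every such local user holds the tokens."""
    mode = os.stat(path).st_mode
    issues = []
    if mode & stat.S_IRGRP:
        issues.append("group-readable")
    if mode & stat.S_IROTH:
        issues.append("world-readable")
    return issues


def audit_jenkins_home(jenkins_home):
    """Audit CONFIG_NAME under JENKINS_HOME; returns None if the plugin has no config there."""
    path = os.path.join(jenkins_home, CONFIG_NAME)
    if not os.path.isfile(path):
        return None
    with open(path, encoding="utf-8") as fh:
        xml_text = fh.read()
    return {
        "path": path,
        "plaintext_tokens": find_plaintext_tokens(xml_text),
        "permission_issues": file_permission_issues(path),
    }


def demo():
    """Build a throwaway JENKINS_HOME holding the constructed config and audit it."""
    home = tempfile.mkdtemp(prefix="jenkins_home_")
    path = os.path.join(home, CONFIG_NAME)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_CONFIG)
    os.chmod(path, 0o644)  # the typical default: readable by every local user
    return audit_jenkins_home(home)


if __name__ == "__main__":
    result = demo()
    for finding in result["plaintext_tokens"]:
        print("plaintext token in room %r (%s): %s" % (finding["room"], finding["tag"], finding["value"]))
    print("file permission issues:", result["permission_issues"] or "none")
```

Run it against a real controller with `audit_jenkins_home("/var/lib/jenkins")` (or wherever JENKINS_HOME lives). Any file it flags should be readable only by the Jenkins service account (for example `chmod 600` on the file), and every plaintext token it reports should be treated as exposed and rotated; remember that copies of JENKINS_HOME in backups carry the same tokens.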

Weakness Enumeration

CWE-522: Insufficiently Protected Credentials

Related Identifiers

BDU:2023-03021
CVE-2022-34808
GHSA-WPPP-XQFV-6CM7

Affected Products

Jenkins
Jenkins Cisco Spark Plugin