Jenkins IFTTT Build Notifier Plugin Unencrypted Key Storage Vulnerability

Vulnerability

A vulnerability exists in the IFTTT Build Notifier Plugin for Jenkins, specifically in versions through 1.2. The plugin stores IFTTT Maker Channel Keys unencrypted in job configuration files on the Jenkins controller. This sensitive information can be accessed by users with Item/Extended Read permission or those who have access to the Jenkins controller file system.

Impact

The vulnerability allows for unauthorized access to IFTTT Maker Channel Keys, which could be misused to trigger IFTTT actions on behalf of the user.

Added: Jul 9, 2025, 4:55 PM

Updated: Jul 9, 2025, 4:55 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Jenkins IFTTT Build Notifier Plugin Unencrypted Key Storage Vulnerability

Vulnerability

Impact

Affected Products

Jenkins IFTTT Build Notifier Plugin

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating