Jenkins Dead Man's Snitch Plugin Token Exposure Vulnerability
Vulnerability
The Dead Man's Snitch Plugin for Jenkins, version 0.1, renders Dead Man's Snitch tokens unmasked in the job configuration form, so the token is visible to anyone who views that form (for example over the shoulder or in a screen share). The plugin also stores the tokens in plain text in the job's config.xml on the Jenkins controller. Jenkins exposes a job's config.xml to users with Item/Extended Read permission, and it is readable by anyone with access to the controller's file system, so either path discloses the token.
Impact
An attacker who can view the job configuration form, read the job's config.xml with Item/Extended Read permission, or access the controller's file system can observe and capture the plain-text Dead Man's Snitch tokens.
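Because the tokens sit unencrypted in config.xml, the practical check is to audit the controller's job configurations for credential-like fields that are not in Jenkins' encrypted Secret form (Jenkins persists hudson.util.Secret values as base64 wrapped in braces, e.g. {AQAAABAAAAAw...}). The script below is an added audit example written for this page; it is not code from the plugin or from Jenkins. The sample config.xml is constructed, and the element names (snitchToken, apiToken) and the plugin class names in it are hypothetical, as is the list of field names treated as sensitive.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Jenkins writes hudson.util.Secret values to config.xml as base64 in braces,
# e.g. {AQAAABAAAAAw...}. Anything else in a credential field is plain text.
JENKINS_SECRET_RE = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")

# Element names likely to hold a credential. "token" covers the Dead Man's
# Snitch case; the rest are common plugin field names (assumption, extend as needed).
SENSITIVE_NAME_RE = re.compile(r"(token|secret|password|apikey|api_key)", re.IGNORECASE)


def find_plaintext_secrets(config_xml: str):
    """Return (element path, value) pairs for credential-looking leaf elements
    whose text is not in Jenkins' encrypted Secret form."""
    root = ET.fromstring(config_xml)
    findings = []

    def walk(elem, path):
        for child in elem:
            child_path = f"{path}/{child.tag}"
            if len(child) == 0:  # leaf element: inspect its text
                value = (child.text or "").strip()
                if (value and SENSITIVE_NAME_RE.search(child.tag)
                        and not JENKINS_SECRET_RE.match(value)):
                    findings.append((child_path, value))
            else:
                walk(child, child_path)

    walk(root, root.tag)
    return findings


def scan_jobs_dir(jobs_dir):
    """Scan every <JENKINS_HOME>/jobs/*/config.xml and map file -> findings."""
    results = {}
    for cfg in Path(jobs_dir).glob("*/config.xml"):
        hits = find_plaintext_secrets(cfg.read_text(encoding="utf-8"))
        if hits:
            results[str(cfg)] = hits
    return results


# Constructed sample job config.xml (hypothetical element and class names):
# one plain-text token, which is the pattern this advisory describes, and one
# properly encrypted Secret for contrast (its base64 payload is made up).
SAMPLE_CONFIG_XML = """<project>
  <publishers>
    <com.example.deadmanssnitch.SnitchNotifier>
      <snitchToken>abc123</snitchToken>
    </com.example.deadmanssnitch.SnitchNotifier>
    <com.example.other.Notifier>
      <apiToken>{AQAAABAAAAAQ5p0y1pGkVVVzJbm3lImWkT4n8sc0ohs6wdJyArvMpmE=}</apiToken>
    </com.example.other.Notifier>
  </publishers>
</project>
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python audit.py /var/lib/jenkins/jobs
        for path, hits in scan_jobs_dir(sys.argv[1]).items():
            for elem_path, value in hits:
                print(f"{path}: {elem_path} holds plain-text value {value!r}")
    else:
        for elem_path, value in find_plaintext_secrets(SAMPLE_CONFIG_XML):
            print(f"plain-text credential at {elem_path}: {value!r}")
```

Run it against the controller's jobs directory (it needs file-system read access, which is one of the disclosure paths above). The encrypted apiToken is left alone; only the plain-text snitchToken is reported, which is exactly the condition the plugin should have avoided by storing the token as a Jenkins Secret.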
