Low severityNVD Advisory· Published May 2, 2024· Updated Feb 13, 2025

CVE-2024-34147

Description

Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.jenkins-ci.plugins:telegrambotMaven	<= 1.4.0	—

Affected products

ghsa-coords
pkg:maven/org.jenkins-ci.plugins/telegrambot
Range: <= 1.4.0
Jenkins Project/Telegram Bot Plugincpe-rescue
Range: 0

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-94pr-w968-h923ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-34147ghsaADVISORY
www.jenkins.io/security/advisory/2024-05-02/ghsavendor-advisoryWEB
www.openwall.com/lists/oss-security/2024/05/02/3ghsaWEB

News mentions

Jenkins Security Advisory 2024-05-02
Jenkins Security Advisories · May 2, 2024

cvss	0.065
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000