A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration.

Affected Packages

Maven de.eacg:ecs-publisher

Affected versions: 0 (fixed in 1.0.1)

Related CVEs

CVE-2019-1003045

Key Information

GHSA ID

GHSA-ffj8-w4rj-vr7v

Published

May 13, 2022 1:15 AM

Last Modified

January 30, 2024 9:57 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

de.eacg:ecs-publisher

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 27, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.