Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured.

Affected Packages

Maven com.convertigo.jenkins.plugins:convertigo-mobile-platform

Affected versions: 0 (last affected: 1.1)

Related CVEs

CVE-2022-25210

Key Information

GHSA ID

GHSA-vwx4-frpr-w27j

Published

February 16, 2022 12:01 AM

Last Modified

December 1, 2022 10:11 PM

CVSS Score

2.5 /10

Primary Ecosystem

Maven

Primary Package

com.convertigo.jenkins.plugins:convertigo-mobile-platform

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 5, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.