Lucene search
China National Vulnerability DatabaseCNVD-2022-05038HistoryJan 16, 2022 - 12:00 a.m.
Jenkins Metrics Plugin Licensing Issue Vulnerability
2022-01-1600:00:00
China National Vulnerability Database
www.cnvd.org.cn
4
0.0004 Low
EPSS
Percentile
12.8%
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Metrics Plugin in version 4.0.2.8 and earlier is vulnerable to an authorization issue that stems from an unencrypted access key stored in the global configuration file of the Jenkins controller, which allows users to access the Jenkins controller file system. No details of the vulnerability are currently available.
| CPE | Name | Operator | Version |
|---|---|---|---|
| Jenkins Metrics Plugin <=4. | eq | 0.2.8 |
Related
cvelist
cvelist
CVE-2022-20621
2022-01-12 19:06:00
prion
prion
Design/Logic Flaw
2022-01-12 20:15:00
osv
osv
CVE-2022-20621
2022-01-12 20:15:09
Access key stored in plain text by Jenkins Metrics Plugin
2022-01-13 00:00:57
alpinelinux
alpinelinux
CVE-2022-20621
2022-01-12 20:15:09
cve
cve
CVE-2022-20621
2022-01-12 20:15:09
redhatcve
redhatcve
CVE-2022-20621
2022-01-24 18:05:53
nvd
nvd
CVE-2022-20621
2022-01-12 20:15:09
github
github
Access key stored in plain text by Jenkins Metrics Plugin
2022-01-13 00:00:57
nessus
nessus
Jenkins LTS < 2.319.2 / Jenkins weekly < 2.330 Multiple Vulnerabilities
2022-01-21 00:00:00
Jenkins plugins Multiple Vulnerabilities (2022-01-12)
2022-01-21 00:00:00