Lucene search
China National Vulnerability DatabaseCNVD-2022-53898HistoryJul 04, 2022 - 12:00 a.m.
Jenkins Elasticsearch Query Plugin信息泄露漏洞
2022-07-0400:00:00
China National Vulnerability Database
www.cnvd.org.cn
13
jenkins
elasticsearch query plugin
information disclosure
vulnerability
unencrypted passwords
global configuration
file system
cnvd
EPSS
0.001
Percentile
28.4%
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability exists in Jenkins Elasticsearch Query Plugin version 1.2 and prior, which stems from storing unencrypted passwords in the The vulnerability is caused by storing an unencrypted password in the Jenkins controller’s global configuration file, which can be exploited by an attacker to allow a user with access to the Jenkins controller file system to view the password.
Related
nvd
nvd
CVE-2022-34807
2022-06-30 18:15:14
prion
prion
Design/Logic Flaw
2022-06-30 18:15:00
cve
cve
CVE-2022-34807
2022-06-30 18:15:14
cvelist
cvelist
CVE-2022-34807
2022-06-30 17:48:43
github
github
Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin
2022-07-01 00:01:08
osv
osv
Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin
2022-07-01 00:01:08
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2022-06-30)
2023-08-04 00:00:00