Lucene search
China National Vulnerability DatabaseCNVD-2022-54928HistoryMar 31, 2022 - 12:00 a.m.
Jenkins Proxmox Plugin Information Disclosure Vulnerability
2022-03-3100:00:00
China National Vulnerability Database
www.cnvd.org.cn
19
jenkins
proxmox
information disclosure
vulnerability
global config.xml file
passwords
EPSS
0.001
Percentile
28.4%
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Proxmox Plugin 0.5.0 and earlier versions are vulnerable to an information disclosure vulnerability that stems from the plugin storing unencrypted Proxmox data center passwords in the global config.xml file on the Jenkins controller, and an attacker with access to the Jenkins controller file system could exploit the vulnerability to view that password in that file.
Related
github
github
Password stored in plain text by Jenkins Proxmox Plugin
2022-03-30 00:00:25
osv
osv
Password stored in plain text by Jenkins Proxmox Plugin
2022-03-30 00:00:25
CVE-2022-28141
2022-03-29 13:15:08
cve
cve
CVE-2022-28141
2022-03-29 13:15:08
prion
prion
Default credentials
2022-03-29 13:15:00
nvd
nvd
CVE-2022-28141
2022-03-29 13:15:08
cvelist
cvelist
CVE-2022-28141
2022-03-29 12:30:56
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2022-03-29)
2022-03-31 00:00:00