Lucene search
China National Vulnerability DatabaseCNVD-2022-58419HistoryJul 04, 2022 - 12:00 a.m.
Jenkins Skype notifier Plugin信息泄露漏洞
2022-07-0400:00:00
China National Vulnerability Database
www.cnvd.org.cn
13
jenkins
plugin
information disclosure
vulnerability
unencrypted passwords
global configuration file
attacker
file system access
cnvd
EPSS
0.001
Percentile
28.4%
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability exists in Jenkins Skype notifier Plugin version 1.1.0 and prior, which stems from storing unencrypted passwords in the The vulnerability is caused by storing an unencrypted password in the Jenkins controller’s global configuration file, which can be exploited by an attacker to allow users with access to the Jenkins controller’s file system to view the password.
Related
cve
cve
CVE-2022-34805
2022-06-30 18:15:14
github
github
Plaintext Storage of a Password in Jenkins Skype notifier Plugin
2022-07-01 00:01:08
nvd
nvd
CVE-2022-34805
2022-06-30 18:15:14
prion
prion
Design/Logic Flaw
2022-06-30 18:15:00
osv
osv
Plaintext Storage of a Password in Jenkins Skype notifier Plugin
2022-07-01 00:01:08
cvelist
cvelist
CVE-2022-34805
2022-06-30 17:48:35
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2022-06-30)
2023-08-04 00:00:00