CVE-2022-34803

🗓️ 30 Jun 2022 17:48:21Reported by jenkinsType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 614 Views

Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenkins controller file system

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2022-34803	30 Jun 202218:15	–	attackerkb
CNNVD	Jenkins Plugin OpsGenie 安全漏洞	30 Jun 202200:00	–	cnnvd
CNVD	Jenkins OpsGenie Plugin Information Disclosure Vulnerability	4 Jul 202200:00	–	cnvd
Cvelist	CVE-2022-34803	30 Jun 202217:48	–	cvelist
EUVD	EUVD-2022-6205	3 Oct 202520:07	–	euvd
Github Security Blog	Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability	1 Jul 202200:01	–	github
Tenable Nessus	Jenkins plugins Multiple Vulnerabilities (2022-06-30)	4 Aug 202300:00	–	nessus
NVD	CVE-2022-34803	30 Jun 202218:15	–	nvd
OSV	GHSA-273C-FJW8-V2W8 Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability	1 Jul 202200:01	–	osv
Prion	Design/Logic Flaw	30 Jun 202218:15	–	prion

NVD

Node

jenkins opsgenieRange≤1.9jenkins

[
  {
    "product": "Jenkins OpsGenie Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "1.9",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 1.9",
        "versionType": "custom"
      }
    ]
  }
]