Lucene search
JenkinsCVELIST:CVE-2022-27195HistoryMar 15, 2022 - 4:45 p.m.
CVE-2022-27195
2022-03-1516:45:37
jenkins
www.cve.org
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system.
CNA Affected
[
{
"product": "Jenkins Parameterized Trigger Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "2.43",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.40.1"
},
{
"status": "unaffected",
"version": "2.41.1"
}
]
}
]Related
osv
osv
Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin
2022-03-16 00:00:45
CVE-2022-27195
2022-03-15 17:15:09
cnvd
cnvd
Jenkins Parameterized Trigger Plugin Information Disclosure Vulnerability
2022-03-17 00:00:00
prion
prion
Design/Logic Flaw
2022-03-15 17:15:00
nvd
nvd
CVE-2022-27195
2022-03-15 17:15:09
redhatcve
redhatcve
CVE-2022-27195
2022-03-18 16:17:33
cve
cve
CVE-2022-27195
2022-03-15 17:15:09
github
github
