History: Mar 15, 2022 - 4:45 p.m.

CVE-2022-27206

2022-03-15 16:45:53
jenkins
www.cve.org
Tags: cve-2022-27206, jenkins, gitlab, authentication, plugin, vulnerability, unencrypted, config file, jenkins controller

AI Score: 7.1 (Confidence: High)

EPSS: 0.001 (Percentile: 28.4%)

Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

CNA Affected

[
  {
    "product": "Jenkins GitLab Authentication Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "1.13",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 1.13",
        "versionType": "custom"
      }
    ]
  }
]
