Lucene search
JenkinsCVELIST:CVE-2022-27217HistoryMar 15, 2022 - 4:46 p.m.
CVE-2022-27217
2022-03-1516:46:10
jenkins
www.cve.org
1
Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
CNA Affected
[
{
"product": "Jenkins Vmware vRealize CodeStream Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.2",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2022-27217
2022-03-15 17:15:12
nvd
nvd
CVE-2022-27217
2022-03-15 17:15:12
github
github
Passwords stored in plain text by Jenkins Vmware vRealize CodeStream Plugin
2022-03-16 00:00:43
osv
osv
Passwords stored in plain text by Jenkins Vmware vRealize CodeStream Plugin
2022-03-16 00:00:43
prion
prion
Design/Logic Flaw
2022-03-15 17:15:00
cnvd
cnvd
Jenkins Vmware vRealize CodeStream Plugin信息泄露漏洞
2022-03-17 00:00:00
