Lucene search
JenkinsCVELIST:CVE-2022-34802HistoryJun 30, 2022 - 5:48 p.m.
CVE-2022-34802
2022-06-3017:48:14
jenkins
www.cve.org
1
jenkins
rocketchat
notifier plugin
unencrypted
global configuration
file system
access
Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
CNA Affected
[
{
"product": "Jenkins RocketChat Notifier Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.5.2",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2022-34802
2022-06-30 18:15:13
cve
cve
CVE-2022-34802
2022-06-30 18:15:13
osv
osv
Plaintext Storage of a Password in Jenkins RocketChat Notifier Plugin
2022-07-01 00:01:07
CVE-2022-34802
2022-06-30 18:15:13
prion
prion
Design/Logic Flaw
2022-06-30 18:15:00
github
github
Plaintext Storage of a Password in Jenkins RocketChat Notifier Plugin
2022-07-01 00:01:07
cnvd
cnvd
Jenkins RocketChat Notifier Plugin信息泄露漏洞
2022-07-04 00:00:00
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2022-06-30)
2023-08-04 00:00:00