Jenkins Elasticsearch Query Plugin信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability...

Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin

Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file org.jenkinsci.plugins.elasticsearchquery.ElasticsearchQueryBuilder.xml on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34807

Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34807

Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34807

CVE-2022-34807 affects Jenkins Elasticsearch Query Plugin 1.2 and earlier. The flaw exposes a password stored unencrypted in the plugin’s global configuration file on the Jenkins controller, enabling access to the password by anyone with Jenkins controller filesystem access. Practically, this is ...

PT-2022-22359 · Jenkins · Jenkins Elasticsearch Query Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Elasticsearch Query Plugin versions 1.2 and earlier Description: The issue concerns the storage of a password in an unencrypted form within the global configuration file on the Jenkins controller. Specifically, the password is stored ...