GHSA-2QH6-HHVV-M2WW Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted

HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file jenkins.plugins.httprequest.HttpRequest.xml on the Jenkins controller as part of its configuration when using deprecated Basic/Digest Authentication. These passwords can be viewed by...

CVE-2022-36901

Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

PT-2022-4019 · Jenkins · Jenkins Http Request Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins HTTP Request Plugin versions 1.15 and earlier Description: The issue is related to the storage of HTTP Request passwords in an unencrypted form in the global configuration file on the Jenkins controller. This allows users with access ...