2 matches found
CVE-2022-34806
The provided connected sources confirm a concrete vulnerability in Jenkins Jigomerge Plugin 0.9 and earlier: passwords are stored unencrypted in job config.xml on the Jenkins controller, enabling access by users with Extended Read permission or anyone with filesystem access. Root cause is plainte...
CVE-2022-34806
Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...