CVE-2022-43426

Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWSSECRETACCESSKEY form field, increasing the potential for attackers to observe and capture it...

GHSA-MF4P-WJRM-CMJP AWS secrets displayed without masking by Jenkins S3 Explorer Plugin

S3 Explorer Plugin stores AWSSECRETACCESSKEY in its global configuration file s3explorer.xml on the Jenkins controller as part of its configuration. While this secret is stored encrypted on disk, in S3 Explorer Plugin 1.0.8 and earlier the global configuration form does not mask the...

Design/Logic Flaw

Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWSSECRETACCESSKEY form field, increasing the potential for attackers to observe and capture it...

CVE-2022-43426

CVE-2022-43426 refers to Jenkins S3 Explorer Plugin versions 1.0.8 and earlier, where the AWS_SECRET_ACCESS_KEY field in the global configuration form is not masked. This creates a risk that an attacker could observe or capture the secret, as described in the CVE entry and corroborated by multipl...

PT-2022-26910 · Jenkins · Jenkins S3 Explorer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins S3 Explorer Plugin versions 1.0.8 and earlier Description: The issue concerns the Jenkins S3 Explorer Plugin, where the AWS SECRET ACCESS KEY form field is not masked, increasing the potential for attackers to observe and capture it...

CVE-2022-43426

Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWSSECRETACCESSKEY form field, increasing the potential for attackers to observe and capture it...