GHSA-h5g3-v72x-hc6f

Source

https://github.com/advisories/GHSA-h5g3-v72x-hc6f

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-h5g3-v72x-hc6f/GHSA-h5g3-v72x-hc6f.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-h5g3-v72x-hc6f

Aliases

CVE-2022-34806

Published

2022-07-01T00:01:08Z

Modified

2024-02-16T08:22:13.093351Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Plaintext Storage of a Password in Jenkins Jigomerge Plugin

Details

Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Database specific

{
    "nvd_published_at": "2022-06-30T18:15:00Z",
    "cwe_ids": [
        "CWE-256",
        "CWE-522"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-13T15:41:52Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:jigomerge

Package

Name: org.jenkins-ci.plugins:jigomerge; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/jigomerge

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

0.9

Affected versions

0.*

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9