GHSA-w97x-j6rg-55v5

Source

https://github.com/advisories/GHSA-w97x-j6rg-55v5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-w97x-j6rg-55v5/GHSA-w97x-j6rg-55v5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-w97x-j6rg-55v5

Aliases

CVE-2022-28141

Published

2022-03-30T00:00:25Z

Modified

2024-02-16T08:24:14.433618Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Password stored in plain text by Jenkins Proxmox Plugin

Details

Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Database specific

{
    "nvd_published_at": "2022-03-29T13:15:00Z",
    "cwe_ids": [
        "CWE-522"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-29T22:57:53Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:proxmox

Package

Name: org.jenkins-ci.plugins:proxmox; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/proxmox

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.0

Affected versions

0.*

0.2

0.2.1

0.2.2

0.4.0

0.4.1

0.4.2

0.5.0