CVE-2022-28141 – org.jenkins-ci.plugins:proxmox

Package

Manager: maven
Name: org.jenkins-ci.plugins:proxmox
Vulnerable Version: >=0 <0.6.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00547 pctl0.66877

Details

Password stored in plain text by Jenkins Proxmox Plugin Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Metadata

Created: 2022-03-30T00:00:25Z
Modified: 2023-10-27T16:59:57Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-w97x-j6rg-55v5/GHSA-w97x-j6rg-55v5.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-w97x-j6rg-55v5
Finding: F035
Auto approve: 1