CVE-2022-45384
Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords
CVSS 3.1: 6.5 (MEDIUM) | EPSS: 0.87%
Description
Jenkins Reverse Proxy Auth Plugin versions 1.7.3 and earlier store the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller, where it can be read by attackers with access to the Jenkins controller file system.
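A defender-side check for this class of issue, added here as an example and not code from the plugin or the advisory: it parses a controller config.xml and flags any password-like element under securityRealm whose value is not in Jenkins' encrypted-secret form (base64 wrapped in braces). The sample XML, the realm class name and the managerPassword element name are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a Jenkins controller config.xml (not a real file).
# Element names under <securityRealm> are assumptions for illustration.
VULNERABLE_CONFIG_XML = """<hudson>
  <securityRealm class="org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm">
    <server>ldap://ldap.example.internal:389</server>
    <managerDN>cn=jenkins,ou=svc,dc=example,dc=internal</managerDN>
    <managerPassword>Hunter2!</managerPassword>
  </securityRealm>
</hudson>
"""

# Same fragment after the secret has been stored as a Jenkins Secret
# (constructed placeholder ciphertext, not a real encrypted value).
FIXED_CONFIG_XML = """<hudson>
  <securityRealm class="org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm">
    <managerPassword>{AQAAABAAAAAwPLACEHOLDERcGxhY2Vob2xkZXI=}</managerPassword>
  </securityRealm>
</hudson>
"""

# Jenkins serializes encrypted Secret values as base64 wrapped in braces.
ENCRYPTED_SECRET_RE = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")


def find_plaintext_secrets(config_xml: str) -> list[str]:
    """Return paths of password-like elements under <securityRealm> whose
    text is not in the encrypted-secret form. Legacy unbraced base64
    ciphertext is also flagged, so treat results as items for manual review."""
    root = ET.fromstring(config_xml)
    findings = []
    for realm in root.iter("securityRealm"):
        for elem in realm.iter():
            if "password" not in elem.tag.lower():
                continue
            value = (elem.text or "").strip()
            if value and not ENCRYPTED_SECRET_RE.match(value):
                findings.append(f"securityRealm/{elem.tag}")
    return findings


if __name__ == "__main__":
    for label, xml in (("vulnerable", VULNERABLE_CONFIG_XML), ("fixed", FIXED_CONFIG_XML)):
        print(label, find_plaintext_secrets(xml))
```

Run it against the real file with `find_plaintext_secrets(open("/var/lib/jenkins/config.xml").read())`; an empty result means every password field under the security realm is already stored in encrypted form.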
How to fix CVE-2022-45384
To remediate CVE-2022-45384, upgrade the affected package to a fixed version:
- Upgrade to 1.7.4 or later.
Is CVE-2022-45384 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 1.7.3, < 1.7.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (6.5) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |