CVE-2022-28141

MEDIUM6.5EPSS 0.05%

Password stored in plain text by Jenkins Proxmox Plugin

發布日:2022/3/30修改日:2024/2/16

描述

Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

受影響套件(1)

Maven/org.jenkins-ci.plugins:proxmoxfrom 0, < 0.6.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-28141
PATCHhttps://github.com/jenkinsci/proxmox-plugin
WEBhttps://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2079
WEBhttp://www.openwall.com/lists/oss-security/2022/03/29/1