GHSA-36j8-f33j-vjwq

Опубликовано: 01 июл. 2022

Источник: github

Github: Прошло ревью

CVSS3: 3.3

Описание

Passwords stored in plain text by Jenkins hpe-network-virtualization plugin

hpe-network-virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file org.jenkinsci.plugins.nvemulation.plugin.NvEmulationBuilder.xml on the Jenkins controller as part of its configuration.

These passwords can be viewed by users with access to the Jenkins controller file system.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:hpe-network-virtualization

maven

Затронутые версииВерсия исправления

= 1.0

Отсутствует

EPSS

Процентиль: 67%

0.00555

Низкий

3.3 Low

CVSS3

CVE ID

CVE-2022-34816

Дефекты

CWE-256

CWE-522

Связанные уязвимости

CVE-2022-34816

CVSS3: 6.5

nvd

больше 3 лет назад

Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

EPSS

Процентиль: 67%

0.00555

Низкий

3.3 Low

CVSS3

CVE ID

CVE-2022-34816

Дефекты

CWE-256

CWE-522