GHSA-9h79-5m2f-mqj2

Опубликовано: 24 июн. 2022

Источник: github

Github: Прошло ревью

CVSS3: 3.3

Описание

Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text

Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file org.jenkinsci.squashtm.core.SquashTMPublisher.xml on the Jenkins controller as part of its configuration.

These passwords can be viewed by users with access to the Jenkins controller file system.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:squashtm-publisher

maven

Затронутые версииВерсия исправления

<= 1.0.0

Отсутствует

EPSS

Процентиль: 60%

0.00403

Низкий

3.3 Low

CVSS3

CVE ID

CVE-2022-34213

Дефекты

CWE-522

Связанные уязвимости

CVE-2022-34213

CVSS3: 6.5

nvd

больше 3 лет назад

Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

EPSS

Процентиль: 60%

0.00403

Низкий

3.3 Low

CVSS3

CVE ID

CVE-2022-34213

Дефекты

CWE-522