GHSA-x75r-g63m-82wj

Опубликовано: 16 мар. 2022

Источник: github

Github: Прошло ревью

CVSS3: 6.5

Описание

Passwords stored in plain text by Jenkins dbCharts Plugin

Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file hudson.plugins.dbcharts.DbChartPublisher.xml on the Jenkins controller as part of its configuration.

These passwords can be viewed by users with access to the Jenkins controller file system.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:dbCharts

maven

Затронутые версииВерсия исправления

<= 0.5.2

Отсутствует

EPSS

Процентиль: 55%

0.00325

Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2022-27216

Дефекты

CWE-522

Связанные уязвимости

CVE-2022-27216

CVSS3: 6.5

nvd

почти 4 года назад

Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

EPSS

Процентиль: 55%

0.00325

Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2022-27216

Дефекты

CWE-522