CVE-2022-27195

Опубликовано: 15 мар. 2022

Источник: redhat

CVSS3: 3.3

EPSS Низкий

Описание

Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Container Platform 3.11	jenkins-2-plugins	Out of support scope
Red Hat OpenShift Container Platform 4	jenkins-2-plugins	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=2065740jenkins-2-plugins/parameterized-trigger: Information disclosure

EPSS

Процентиль: 79%

0.01207

Низкий

3.3 Low

CVSS3

Связанные уязвимости

CVE-2022-27195

CVSS3: 5.5

nvd

почти 4 года назад

Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system.

GHSA-5mpf-hw8f-86w9