Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
References
| Link | Resource |
|---|---|
| http://www.openwall.com/lists/oss-security/2022/03/15/2 | Mailing List Third Party Advisory |
| https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2159 | Vendor Advisory |
Configurations
History
25 Mar 2022, 13:21
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-522 | |
| CPE | cpe:2.3:a:jenkins:dbcharts:*:*:*:*:*:jenkins:*:* | |
| CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.5 |
| References | (MLIST) http://www.openwall.com/lists/oss-security/2022/03/15/2 - Mailing List, Third Party Advisory | |
| References | (CONFIRM) https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2159 - Vendor Advisory |
15 Mar 2022, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
15 Mar 2022, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-03-15 17:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-27216
Mitre link : CVE-2022-27216
CVE.ORG link : CVE-2022-27216
JSON object : View
Products Affected
jenkins
- dbcharts
CWE
CWE-522
Insufficiently Protected Credentials