1. Home
  2. Vulnerabilities
  3. CVE-2021-21634

CVE-2021-21634

CVSS v3.1 6.5 (Medium)
65% Progress
CVSS v2.0 4 (Medium)
40% Progress
EPSS 0.06 % (28th)
0.06% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Weaknesses
CWE-522
Insufficiently Protected Credentials
CVE Status
PUBLISHED
CNA
Jenkins Project
Published Date
2021-03-30 12:16:10
(3 years ago)
Updated Date
2023-10-25 18:16:47
(10 months ago)

Affected Products

Jenkins

Configuration #1

    CPE23 From Up To
  Jenkins Jabber (xmpp) Notifier And Control for Jenkins 1.41 and prior versions cpe:2.3:a:jenkins:jabber_\%28xmpp\%29_notifier_and_control::*:*:*:*:jenkins <= 1.41