CVE-2022-34807

CVSS v3.1 6.5 (Medium)

CVSS v2.0 4 (Medium)

EPSS 0.06 % (28^th)

Affected Products 1

Advisories 2

Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Weaknesses

CWE-522: Insufficiently Protected Credentials

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2022-06-30 18:15:14
(2 years ago)
Updated Date: 2023-11-22 19:56:24
(10 months ago)

Affected Products

Jenkins

Elasticsearch Query

Configuration #1

		CPE23	From	Up To
	Jenkins Elasticsearch Query for Jenkins 1.2 and prior versions	cpe:2.3:a:jenkins:elasticsearch_query::::::jenkins		<= 1.2