1. Home
  2. Vulnerabilities
  3. CVE-2022-45384

CVE-2022-45384

CVSS v3.1 6.5 (Medium)
65% Progress
EPSS 0.06 % (28th)
0.06% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.

Weaknesses
CWE-522
Insufficiently Protected Credentials
CVE Status
PUBLISHED
CNA
Jenkins Project
Published Date
2022-11-15 20:15:11
(22 months ago)
Updated Date
2023-11-13 20:56:40
(10 months ago)

Affected Products

Jenkins

Configuration #1

    CPE23 From Up To
  Jenkins Reverse Proxy Auth for Jenkins prior 1.7.4 version cpe:2.3:a:jenkins:reverse_proxy_auth::*:*:*:*:jenkins < 1.7.4