CVE-2022-34806 Vulnerability in maven package org.jenkins-ci.plugins:jigomerge

Description

Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Remediation

References

https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2083

Related Vulnerabilities

CVE-2018-8027 Vulnerability in maven package org.apache.camel:camel-core

CVE-2023-29508 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livedata-macro

CVE-2019-17513 Vulnerability in maven package io.ratpack:ratpack-core

CVE-2020-15138 Vulnerability in maven package org.webjars.npm:prismjs

CVE-2019-16546 Vulnerability in maven package org.jenkins-ci.plugins:google-compute-engine

Severity

High

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N