CVE-2022-27216

CWE-522Insufficiently Protected Credentials5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 79.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Dbcharts PluginJenkins Dbcharts
Timeline
PublishedMar 15
Latest updateMar 16

Description

Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_dbcharts_pluginunspecified0.5.2
NVDjenkins/dbcharts0.5.2

🔴Vulnerability Details

3
OSV
Passwords stored in plain text by Jenkins dbCharts Plugin2022-03-16
GHSA
Passwords stored in plain text by Jenkins dbCharts Plugin2022-03-16
CVEList
CVE-2022-27216: Jenkins dbCharts Plugin 02022-03-15

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2022-03-152022-03-15
CVE-2022-27216 (MEDIUM CVSS 6.5) | Jenkins dbCharts Plugin 0.5.2 and e | cvebase.io