CVE-2022-34202: Insufficiently Protected Credentials in Project Jenkins Easyqa Plugin

Severity
6.5 MEDIUM (NVD)
EPSS
0.4%
top 39.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 23
Latest update: Jun 24

Description

Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

CVEListV5 | jenkins_project/jenkins_easyqa_plugin | unspecified | 1.0

🔴 Vulnerability Details

3
GHSA
User passwords stored in plain text by Jenkins EasyQA Plugin (2022-06-24)
OSV
User passwords stored in plain text by Jenkins EasyQA Plugin (2022-06-24)
CVEList
CVE-2022-34202: Jenkins EasyQA Plugin 1 (2022-06-22)

📋 Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2022-06-22 (2022-06-22)