CVE-2022-34802

Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:rocketchat_notifier:*:*:*:*:*:jenkins:*:*

History

22 Nov 2023, 19:59

Type Values Removed Values Added
CWE CWE-522

25 Oct 2023, 18:17

Type Values Removed Values Added
CWE CWE-256

08 Jul 2022, 03:36

Type Values Removed Values Added
First Time Jenkins
Jenkins rocketchat Notifier
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 4.3
CPE cpe:2.3:a:jenkins:rocketchat_notifier:*:*:*:*:*:jenkins:*:*
References (CONFIRM) https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2088 - (CONFIRM) https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2088 - Vendor Advisory

30 Jun 2022, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-30 18:15

Updated : 2023-12-10 14:22


NVD link : CVE-2022-34802

Mitre link : CVE-2022-34802

CVE.ORG link : CVE-2022-34802


JSON object : View

Products Affected

jenkins

  • rocketchat_notifier
CWE
CWE-522

Insufficiently Protected Credentials