SB2022070818 - Cleartext storage of sensitive information in Jenkins HPE Network Virtualization plugin

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022070818

SB2022070818 - Cleartext storage of sensitive information in Jenkins HPE Network Virtualization plugin

Published: July 8, 2022

Security Bulletin ID SB2022070818
Severity
Low
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Cleartext storage of sensitive information (CVE-ID: CVE-2022-34816)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the affected plugin stores passwords unencrypted in its global configuration file org.jenkinsci.plugins.nvemulation.plugin.NvEmulationBuilder.xml on the Jenkins controller as part of its configuration. A local user can gain unauthorized access to sensitive information on the system.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References