Cleartext storage of sensitive information in dbCharts - CVE-2022-27216

 


Published: March 17, 2022


Vulnerability identifier: #VU61436
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-27216
CWE-ID: CWE-312
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Jenkins
Affected software:
dbCharts

Detailed vulnerability description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists because the affected plugin stores JDBC connection passwords unencrypted in its global configuration file hudson.plugins.dbcharts.DbChartPublisher.xml on the Jenkins controller. A local user can retrieve the sensitive information stored in cleartext.
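A controller-side audit for the exposure described above, as an added example that is not code from the vendor or the plugin. It assumes the file sits directly under JENKINS_HOME, that credential elements have "pass" in their tag name, and that encrypted Jenkins secrets appear as base64 in braces; the sample XML is constructed and its element names are hypothetical.

```python
import os
import re
import stat
import tempfile
import xml.etree.ElementTree as ET

# File name taken from the advisory; its location under JENKINS_HOME is assumed.
CONFIG_NAME = "hudson.plugins.dbcharts.DbChartPublisher.xml"
# Assumption: current Jenkins writes encrypted Secret values as {base64}.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")


def audit_config(path):
    """Return findings for one config file without echoing any secret value."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"mode {mode:o}: readable by group or other")
    for elem in ET.parse(path).iter():
        value = (elem.text or "").strip()
        # Heuristic: treat any element whose tag mentions "pass" as a credential.
        if "pass" in elem.tag.lower() and value and not ENCRYPTED.match(value):
            findings.append(f"<{elem.tag}>: cleartext value, {len(value)} chars")
    return findings


def audit_jenkins_home(jenkins_home):
    """Audit the dbCharts global config if it exists under jenkins_home."""
    path = os.path.join(jenkins_home, CONFIG_NAME)
    return audit_config(path) if os.path.isfile(path) else []


def demo():
    # Constructed sample; element names are hypothetical, not the plugin's schema.
    sample = (
        "<dbcharts-sample><connection><name>reports</name>"
        "<user>ci</user><passwd>example-password</passwd>"
        "</connection></dbcharts-sample>"
    )
    with tempfile.TemporaryDirectory() as home:
        path = os.path.join(home, CONFIG_NAME)
        with open(path, "w") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)
        return audit_jenkins_home(home)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Findings name only the element and the value length, so the report can be shared without leaking the password itself.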


How to mitigate CVE-2022-27216

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
