Main Vulnerability Database Vulnerabilities #VU59590

#VU59590 Cleartext storage of sensitive information in Metrics - CVE-2022-20621

Published: January 13, 2022

Vulnerability identifier: #VU59590

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-20621

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Metrics

Software vendor:
Jenkins

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the affected plugin stores access keys unencrypted in its global configuration file jenkins.metrics.api.MetricsAccessKey.xml on the Jenkins controller as part of its configuration. A local user can retrieve sensitive information stored in cleartext.

Remediation

Install updates from vendor's website.

External links

https://jenkins.io/security/advisory/2022-01-12/

#VU59590 Cleartext storage of sensitive information in Metrics - CVE-2022-20621

Description

Remediation

External links

Please verify you're human