#VU64647 Unprotected storage of credentials in Convertigo Mobile Platform - CVE-2022-34199
Published: June 24, 2022
Vulnerability identifier: #VU64647
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-34199
CWE-ID: CWE-256
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Convertigo Mobile Platform
Convertigo Mobile Platform
Software vendor:
Jenkins
Jenkins
Description
The vulnerability allows a remote attacker to gain access to other users' credentials.
The vulnerability exists due to application stored credentials in plain text in a configuration file on the system. A remote user can view contents of the configuration file and gain access to passwords for 3rd party integration.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.