CVE-2022-36901

Published Jul 27, 2022

Last updated a year ago

Overview

Description
Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Source
jenkinsci-cert@googlegroups.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

nvd@nist.gov
CWE-522

Social media

Hype score
Not currently trending

Configurations