CVE-2022-34799 CWE-256 Reference url : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2070 Reference name : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2070 Reference source : CONFIRM Reference tags : Vendor Advisory Reference lang :en Reference description : Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
CVE-2022-34799 CWE-256 Reference url : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2070 Reference name : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2070 Reference source : CONFIRM Reference tags : Vendor Advisory Reference lang :en Reference description : Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
CVE-2022-34799 CWE-256 Reference url : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2070 Reference name : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2070 Reference source : CONFIRM Reference tags : Vendor Advisory Reference lang :en Reference description : Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
CVE-2022-34793 CWE-611 Reference url : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2000 Reference name : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2000 Reference source : CONFIRM Reference tags : Vendor Advisory Reference lang :en Reference description : Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-34793 CWE-611 Reference url : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2000 Reference name : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2000 Reference source : CONFIRM Reference tags : Vendor Advisory Reference lang :en Reference description : Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-34793 CWE-611 Reference url : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2000 Reference name : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2000 Reference source : CONFIRM Reference tags : Vendor Advisory Reference lang :en Reference description : Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-34800 CWE-256 Reference url : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056 Reference name : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056 Reference source : CONFIRM Reference tags : Vendor Advisory Reference lang :en Reference description : Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
CVE-2022-34800 CWE-256 Reference url : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056 Reference name : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056 Reference source : CONFIRM Reference tags : Vendor Advisory Reference lang :en Reference description : Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
CVE-2022-34800 CWE-256 Reference url : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056 Reference name : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056 Reference source : CONFIRM Reference tags : Vendor Advisory Reference lang :en Reference description : Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
CVE-2022-34801 CWE-318 Reference url : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056 Reference name : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056 Reference source : CONFIRM Reference tags : Vendor Advisory Reference lang :en Reference description : Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
