CVE-2022-34801 CWE-318 Reference url : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056 Reference name : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056 Reference source : CONFIRM Reference tags : Vendor Advisory Reference lang :en Reference description : Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
CVE-2022-34801 CWE-318 Reference url : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056 Reference name : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2056 Reference source : CONFIRM Reference tags : Vendor Advisory Reference lang :en Reference description : Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
CVE-2022-34802 CWE-256 Reference url : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2088 Reference name : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2088 Reference source : CONFIRM Reference tags : Vendor Advisory Reference lang :en Reference description : Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
CVE-2022-34802 CWE-256 Reference url : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2088 Reference name : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2088 Reference source : CONFIRM Reference tags : Vendor Advisory Reference lang :en Reference description : Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
CVE-2022-34802 CWE-256 Reference url : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2088 Reference name : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2088 Reference source : CONFIRM Reference tags : Vendor Advisory Reference lang :en Reference description : Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
CVE-2022-34803 CWE-256 Reference url : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1877 Reference name : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1877 Reference source : CONFIRM Reference tags : Vendor Advisory Reference lang :en Reference description : Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenkins controller file system.
CVE-2022-34803 CWE-256 Reference url : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1877 Reference name : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1877 Reference source : CONFIRM Reference tags : Vendor Advisory Reference lang :en Reference description : Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenkins controller file system.
CVE-2022-34803 CWE-256 Reference url : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1877 Reference name : https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1877 Reference source : CONFIRM Reference tags : Vendor Advisory Reference lang :en Reference description : Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenkins controller file system.
