Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities found for Jenkins Vmware vRealize CodeStream Plugin by Jenkins project

    CVE-2022-27217 (GCVE-0-2022-27217)

    Vulnerability from nvd – Published: 2022-03-15 16:46 – Updated: 2024-08-03 05:25
    VLAI
    Summary
    Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins Vmware vRealize CodeStream Plugin Affected: unspecified , ≤ 1.2 (custom)
    Unknown: next of 1.2 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:25:32.347Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2238"
              },
              {
                "name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Vmware vRealize CodeStream Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "1.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unknown",
                  "version": "next of 1.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T14:20:43.105Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2238"
            },
            {
              "name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2022-27217",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Vmware vRealize CodeStream Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.2"
                              },
                              {
                                "version_affected": "?\u003e",
                                "version_value": "1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-256: Plaintext Storage of a Password"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2238",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2238"
                },
                {
                  "name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2022-27217",
        "datePublished": "2022-03-15T16:46:10.000Z",
        "dateReserved": "2022-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:25:32.347Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27217 (GCVE-0-2022-27217)

    Vulnerability from cvelistv5 – Published: 2022-03-15 16:46 – Updated: 2024-08-03 05:25
    VLAI
    Summary
    Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins Vmware vRealize CodeStream Plugin Affected: unspecified , ≤ 1.2 (custom)
    Unknown: next of 1.2 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:25:32.347Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2238"
              },
              {
                "name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Vmware vRealize CodeStream Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "1.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unknown",
                  "version": "next of 1.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T14:20:43.105Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2238"
            },
            {
              "name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2022-27217",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Vmware vRealize CodeStream Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.2"
                              },
                              {
                                "version_affected": "?\u003e",
                                "version_value": "1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-256: Plaintext Storage of a Password"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2238",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2238"
                },
                {
                  "name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2022-27217",
        "datePublished": "2022-03-15T16:46:10.000Z",
        "dateReserved": "2022-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:25:32.347Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }