Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14MncyLTU1NTItZmp2Ns4AAv5F
Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin
NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller as part of its configuration.
These passwords can be viewed by attackers with Item/Extended Read permission or access to the Jenkins controller file system.
NS-ND Integration Performance Publisher Plugin 4.8.0.146 stores passwords encrypted once job configurations are saved again.
Permalink: https://github.com/advisories/GHSA-x2w2-5552-fjv6JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14MncyLTU1NTItZmp2Ns4AAv5F
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 6 months ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-x2w2-5552-fjv6, CVE-2022-45392
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-45392
- https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2912
- http://www.openwall.com/lists/oss-security/2022/11/15/4
- https://github.com/advisories/GHSA-x2w2-5552-fjv6
Affected Packages
maven:io.jenkins.plugins:cavisson-ns-nd-integration
Affected Version Ranges: <= 4.8.0.143Fixed in: 4.8.0.146