PT-2022-18840 · Jenkins · Jenkins Proxmox Plugin+1
Daniel Beck
+2
·
Published
2022-03-29
·
Updated
2023-11-17
·
CVE-2022-28141
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins Proxmox Plugin versions 0.5.0 and earlier
Description
The issue concerns the storage of the Proxmox Datacenter password in an unencrypted manner within the global config.xml file on the Jenkins controller. This allows users with access to the Jenkins controller file system to view the password.
Recommendations
For Jenkins Proxmox Plugin versions 0.5.0 and earlier, consider restricting access to the global config.xml file on the Jenkins controller to minimize the risk of password exposure until a fix is available. As a temporary workaround, limit user access to the Jenkins controller file system to prevent unauthorized viewing of the Proxmox Datacenter password.
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Proxmox Plugin