CVE-2022-34799

Name of the Vulnerable Software and Affected Versions Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier

Description The issue concerns the storage of a password in an unencrypted form in the global configuration file on the Jenkins controller. This file, specifically de.codecentric.jenkins.dashboard.DashboardView.xml, contains the password as part of its configuration. Users with access to the Jenkins controller file system can view this password.

Recommendations For Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier, consider removing or encrypting the password stored in the de.codecentric.jenkins.dashboard.DashboardView.xml file to prevent unauthorized access. As a temporary workaround, restrict access to the Jenkins controller file system to minimize the risk of the password being viewed by unauthorized users. At the moment, there is no information about a newer version that contains a fix for this vulnerability.