Home

CVE-2022-27217

Description

Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.047

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2022-27217 are affected in Vmware - vmware-vrealize-codestream 1.2Windows
Vulnerabilities CVE-2022-27217 are affected in Vmware - vmware-vrealize-codestream for Linux 1.2Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234