CVE-2022-34213

Description

Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Risk Information

Base Score

6.5

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

Exploitation Probability

0.403

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2022-34213 are affected in Jenkins - squashtm-publisher 1.0.0	Windows
Vulnerabilities CVE-2022-34213 are affected in Jenkins - squashtm-publisher for Linux 1.0.0	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234