CVE-2022-34202
First published: Wed Jun 22 2022(Updated: )
Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Easyqa | <=1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-34202?
CVE-2022-34202 has a medium severity rating due to the risk of unauthorized access to sensitive user passwords.
How do I fix CVE-2022-34202?
To fix CVE-2022-34202, upgrade the Jenkins EasyQA Plugin to version 1.1 or later, which resolves the unencrypted password storage issue.
What are the risks associated with CVE-2022-34202?
The risks associated with CVE-2022-34202 include potential exposure of user passwords to any user with file system access to the Jenkins controller.
Which versions of Jenkins EasyQA are affected by CVE-2022-34202?
CVE-2022-34202 affects Jenkins EasyQA Plugin version 1.0 and earlier.
What should I do if I cannot upgrade to a fixed version of Jenkins EasyQA due to compatibility issues?
If you cannot upgrade, you should implement strict file system permissions to limit access to the Jenkins controller configuration file.
- collector/nvd-index
- collector/nvd-api
- agent/weakness
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/jenkins
- canonical/jenkins easyqa
- version/jenkins easyqa/1.0