First published: Thu Jun 30 2022
Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Credit: jenkinsci-cert@googlegroups.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jenkins Elasticsearch Query | <=1.2 | |
The vulnerability ID for this vulnerability is CVE-2022-34807.
The severity of CVE-2022-34807 is medium with a severity value of 6.5.
The Jenkins Elasticsearch Query Plugin versions 1.2 and earlier are affected by CVE-2022-34807.
To fix this vulnerability, users should update to a version of Jenkins Elasticsearch Query Plugin that is newer than 1.2, where the password is stored encrypted in the global configuration file.