nvd-json-data-feeds/CVE-2022/CVE-2022-342xx/CVE-2022-34202.json

{
  "id": "CVE-2022-34202",
  "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
  "published": "2022-06-23T17:15:17.403",
  "lastModified": "2024-11-21T07:09:03.263",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system."
    },
    {
      "lang": "es",
      "value": "Jenkins EasyQA Plugin versiones 1.0 y anteriores, almacena las contrase\u00f1as de usuarios sin cifrar en su archivo de configuraci\u00f3n global en el controlador Jenkins, donde pueden ser visualizados por usuarios con acceso al sistema de archivos del controlador Jenkins"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "baseScore": 4.0,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:jenkins:easyqa:*:*:*:*:*:jenkins:*:*",
              "versionEndIncluding": "1.0",
              "matchCriteriaId": "3A03E326-6257-47E7-A8BF-4DB98DDD371C"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2066",
      "source": "jenkinsci-cert@googlegroups.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2066",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}