WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-34199 Vulnerability in maven package com.convertigo.jenkins.plugins:convertigo-mobile-platform

Description

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Remediation

References

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2064

Related Vulnerabilities

CVE-2019-1003035 Vulnerability in maven package org.jenkins-ci.plugins:azure-vm-agents

CVE-2017-12648 Vulnerability in maven package com.liferay:com.liferay.frontend.taglib

CVE-2012-5636 Vulnerability in maven package org.apache.wicket:wicket

CVE-2012-1724 Vulnerability in maven package xerces:xercesimpl

CVE-2020-2256 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-maven-parent

Severity

High

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory