Vulnerabilities > CVE-2022-27195 - Unspecified vulnerability in Jenkins Parameterized Trigger

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
jenkins
NVD
Published: 2022-03-15
Updated: 2023-11-22

Summary

Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system.

Vulnerable Configurations

Part Description Count
Application
Jenkins
55

References