Vulnerabilities > Jenkins > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-30 CVE-2022-34799 Insufficiently Protected Credentials vulnerability in Jenkins Deployment Dashboard
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
network
low complexity
jenkins CWE-522
4.3
2022-06-30 CVE-2022-34800 Insufficiently Protected Credentials vulnerability in Jenkins Build Notifications 1.4.2/1.4.3/1.5.0
Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
network
low complexity
jenkins CWE-522
4.3
2022-06-30 CVE-2022-34801 Cleartext Transmission of Sensitive Information vulnerability in Jenkins Build Notifications 1.4.2/1.4.3/1.5.0
Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
network
low complexity
jenkins CWE-319
4.3
2022-06-30 CVE-2022-34802 Insufficiently Protected Credentials vulnerability in Jenkins Rocketchat Notifier
Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
network
low complexity
jenkins CWE-522
4.3
2022-06-30 CVE-2022-34803 Insufficiently Protected Credentials vulnerability in Jenkins Opsgenie
Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenkins controller file system.
network
low complexity
jenkins CWE-522
4.3
2022-06-30 CVE-2022-34804 Cleartext Transmission of Sensitive Information vulnerability in Jenkins Opsgenie
Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure.
network
low complexity
jenkins CWE-319
4.3
2022-06-30 CVE-2022-34805 Insufficiently Protected Credentials vulnerability in Jenkins Skype Notifier 1.0/1.0.1/1.1.0
Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
network
low complexity
jenkins CWE-522
6.5
2022-06-30 CVE-2022-34806 Insufficiently Protected Credentials vulnerability in Jenkins Jigomerge
Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
network
low complexity
jenkins CWE-522
6.5
2022-06-30 CVE-2022-34807 Insufficiently Protected Credentials vulnerability in Jenkins Elasticsearch Query 1.1/1.2
Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
network
low complexity
jenkins CWE-522
6.5
2022-06-30 CVE-2022-34808 Insufficiently Protected Credentials vulnerability in Jenkins Cisco Spark
Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
network
low complexity
jenkins CWE-522
4.3