Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2022/11/15/4 | Mailing List Third Party Advisory |
https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2094 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jenkins
Published: 2022-11-15T00:00:00
Updated: 2023-10-24T14:26:14.042Z
Reserved: 2022-11-14T00:00:00
Link: CVE-2022-45384
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-11-15T20:15:11.817
Modified: 2023-11-13T20:56:40.317
Link: CVE-2022-45384
JSON object: View
Redhat Information
No data.
CWE