{"containers": {"cna": {"affected": [{"product": "Jenkins Metrics Plugin", "vendor": "Jenkins project", "versions": [{"lessThanOrEqual": "4.0.2.8", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "unaffected", "version": "4.0.2.7.1"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T14:19:10.442Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1624"}, {"name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2022-20621", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jenkins Metrics Plugin", "version": {"version_data": [{"version_affected": "<=", "version_value": "4.0.2.8"}, {"version_affected": "!", "version_value": "4.0.2.7.1"}]}}]}, "vendor_name": "Jenkins project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-256: Plaintext Storage of a Password"}]}]}, "references": {"reference_data": [{"name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1624", "refsource": "CONFIRM", "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1624"}, {"name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:17:52.871Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1624"}, {"name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"}]}]}, "cveMetadata": {"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2022-20621", "datePublished": "2022-01-12T19:06:00", "dateReserved": "2021-10-28T00:00:00", "dateUpdated": "2024-08-03T02:17:52.871Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:metrics:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "C0060D91-199D-4030-820F-07932814EA3C", "versionEndIncluding": "4.0.2.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system."}, {"lang": "es", "value": "El plugin de Jenkins Metrics versiones 4.0.2.8 y anteriores, almacena una clave de acceso sin cifrar en su archivo de configuraci\u00f3n global en el controlador de Jenkins, donde puede ser visualizado por usuarios con acceso al sistema de archivos del controlador de Jenkins"}], "id": "CVE-2022-20621", "lastModified": "2024-11-21T06:43:10.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2022-01-12T20:15:09.107", "references": [{"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1624"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1624"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "jenkins-2-plugins/metrics: stores access keys unencrypted in its global configuration file", "id": "2044507", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044507"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-522", "details": ["Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system."], "name": "CVE-2022-20621", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2022-01-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-20621\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-20621\nhttps://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1624"], "threat_severity": "Low"}