Insecure Password Storage in Jenkins Squash TM Publisher Plugin
CVE-2022-34213
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 23 June 2022
What is CVE-2022-34213?
The Jenkins Squash TM Publisher plugin stores sensitive information, specifically passwords, in an unencrypted format within its global configuration file on the Jenkins controller. This security flaw allows any user with access to the Jenkins controller's file system to view these passwords, potentially leading to unauthorized access and compromise of sensitive data. Immediate measures should be implemented to mitigate the risks associated with unprotected credential storage.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin <= 1.0.0
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved