Description
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Jenkins project | Jenkins Convertigo Mobile Platform Plugin | affected |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-6021 | Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. |
 Github GHSA |
GHSA-c8mf-mc3f-2wvc | Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin |
References
History
Wed, 16 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
MITRE
Status: PUBLISHED
Assigner: jenkins
Published:
Updated: 2024-08-03T08:16:17.279Z
Reserved: 2022-06-21T00:00:00.000Z
Link: CVE-2022-34199
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-06-23T17:15:17.220
Modified: 2024-11-21T07:09:02.920
Link: CVE-2022-34199
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses