{"containers": {"cna": {"affected": [{"product": "Jenkins Cisco Spark Plugin", "vendor": "Jenkins project", "versions": [{"lessThanOrEqual": "1.1.1", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unknown", "version": "next of 1.1.1", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T14:23:40.953Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2055"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2022-34808", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jenkins Cisco Spark Plugin", "version": {"version_data": [{"version_affected": "<=", "version_value": "1.1.1"}, {"version_affected": "?>", "version_value": "1.1.1"}]}}]}, "vendor_name": "Jenkins project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-256: Plaintext Storage of a Password"}]}]}, "references": {"reference_data": [{"name": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2055", "refsource": "CONFIRM", "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2055"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:22:09.877Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2055"}]}]}, "cveMetadata": {"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2022-34808", "datePublished": "2022-06-30T17:48:49", "dateReserved": "2022-06-29T00:00:00", "dateUpdated": "2024-08-03T09:22:09.877Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:cisco_spark:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "25DF5666-9499-4514-8FCC-A337B916FAD7", "versionEndIncluding": "1.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system."}, {"lang": "es", "value": "Jenkins Cisco Spark Plugin versiones 1.1.1 y anteriores, almacena tokens de portador sin encriptar en su archivo de configuraci\u00f3n global en el controlador Jenkins donde pueden ser visualizados por usuarios con acceso al sistema de archivos del controlador Jenkins"}], "id": "CVE-2022-34808", "lastModified": "2024-11-21T07:10:13.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-30T18:15:14.797", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2055"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2055"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}