{"containers":{"cna":{"affected":[{"product":"Jenkins GitLab Authentication Plugin","vendor":"Jenkins project","versions":[{"lessThanOrEqual":"1.13","status":"affected","version":"unspecified","versionType":"custom"},{"lessThan":"unspecified","status":"unknown","version":"next of 1.13","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system."}],"providerMetadata":{"orgId":"39769cd5-e6e2-4dc8-927e-97b3aa056f5b","shortName":"jenkins","dateUpdated":"2023-10-24T14:20:30.302Z"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1891"},{"name":"[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2022/03/15/2"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"jenkinsci-cert@googlegroups.com","ID":"CVE-2022-27206","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Jenkins GitLab Authentication Plugin","version":{"version_data":[{"version_affected":"<=","version_value":"1.13"},{"version_affected":"?>","version_value":"1.13"}]}}]},"vendor_name":"Jenkins project"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-256: Plaintext Storage of a Password"}]}]},"references":{"reference_data":[{"name":"https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1891","refsource":"CONFIRM","url":"https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1891"},{"name":"[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2022/03/15/2"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T05:25:32.328Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1891"},{"name":"[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2022/03/15/2"}]}]},"cveMetadata":{"assignerOrgId":"39769cd5-e6e2-4dc8-927e-97b3aa056f5b","assignerShortName":"jenkins","cveId":"CVE-2022-27206","datePublished":"2022-03-15T16:45:53.000Z","dateReserved":"2022-03-15T00:00:00.000Z","dateUpdated":"2024-08-03T05:25:32.328Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}