CVE-2022-20621

MEDIUM

Jenkins Metrics Plugin <4.0.2.8 - Info Disclosure

Title source: llm
STIX 2.1

Description

Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

References (2)

Core 2
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/01/12/6

Scores

CVSS v3 5.5
EPSS 0.0002
EPSS Percentile 3.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-522
Status published
Products (2)
jenkins/metrics < 4.0.2.8
org.jenkins-ci.plugins/metrics 4.0.2.8 - 4.0.2.8.1Maven
Published Jan 12, 2022
Tracked Since Feb 18, 2026