{"id":"GHSA-c8mf-mc3f-2wvc","summary":"Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin ","details":"Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job `config.xml` files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.","aliases":["CVE-2022-34199"],"modified":"2024-02-16T08:15:04.535876Z","published":"2022-06-24T00:00:31Z","database_specific":{"severity":"MODERATE","cwe_ids":["CWE-256","CWE-522"],"github_reviewed":true,"github_reviewed_at":"2022-07-05T22:55:56Z","nvd_published_at":"2022-06-23T17:15:00Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34199"},{"type":"PACKAGE","url":"https://github.com/jenkinsci/convertigo-mobile-platform-plugin"},{"type":"WEB","url":"https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2064"}],"affected":[{"package":{"name":"com.convertigo.jenkins.plugins:convertigo-mobile-platform","ecosystem":"Maven","purl":"pkg:maven/com.convertigo.jenkins.plugins/convertigo-mobile-platform"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"1.1"}]}],"versions":["1.0","1.1"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-c8mf-mc3f-2wvc/GHSA-c8mf-mc3f-2wvc.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}