Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-h5g3-v72x-hc6f

GitHub Security Advisory

Plaintext Storage of a Password in Jenkins Jigomerge Plugin

✓ GitHub Reviewed LOW Has CVE
View on GitHub

Advisory Details

Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job `config.xml` files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Affected Packages

Maven org.jenkins-ci.plugins:jigomerge
Affected versions: 0 (last affected: 0.9)

Related CVEs

CVE-2022-34806

Key Information

GHSA ID
GHSA-h5g3-v72x-hc6f
Published
July 1, 2022 12:01 AM
Last Modified
December 9, 2022 4:52 AM
CVSS Score
2.5 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.plugins:jigomerge
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.