Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Affected Packages

Maven org.jenkins-ci.plugins:proxmox

Affected versions: 0 (fixed in 0.6.0)

Related CVEs

CVE-2022-28141

Key Information

GHSA ID

GHSA-w97x-j6rg-55v5

Published

March 30, 2022 12:00 AM

Last Modified

October 27, 2023 4:59 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:proxmox

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 27, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.