Low severity · NVD Advisory · Published Jun 30, 2022 · Updated Aug 3, 2024

CVE-2022-34799

Description

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file, exposing it to users with file system access on the Jenkins controller.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability Overview

Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier store a password in plaintext within its global configuration file on the Jenkins controller. This flaw arises because the plugin fails to encrypt or mask the credential when persisting configuration data, leaving the raw password readable directly from disk [1][2].

Exploitation Context

To exploit this vulnerability, an attacker must already have access to the Jenkins controller's file system. This is typically a post-authentication requirement — the attacker needs valid Jenkins credentials and sufficient permissions to read configuration files, such as the config.xml of the plugin or the Jenkins home directory. No network-based exploitation is possible without prior file system access [1].

Impact

With the unencrypted password exposed, an attacker who can read the file system can retrieve the stored credential. This could lead to unauthorized access to external systems configured via the Deployment Dashboard Plugin, such as artifact repositories or deployment environments, potentially enabling further lateral movement or data exfiltration [2].

Mitigation

Jenkins has released an update; users should upgrade to Deployment Dashboard Plugin version 1.0.11 or later. No workaround is described in the advisory. Administrators should also restrict file system access to the Jenkins controller to trusted users only [1][3].

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
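
The audit below is an added example, not code from the advisory or the plugin. It shows how an administrator could check the XML files in the Jenkins home directory for password-like elements that are not in the brace-wrapped base64 form Jenkins uses for encrypted Secret values. The element names, the sample file and the name-matching heuristic are assumptions; the plugin's real field names are not given on this page.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Jenkins serializes encrypted hudson.util.Secret values as {base64}.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Heuristic (assumption): element names that usually hold credentials.
SENSITIVE = re.compile(r"passw(or)?d|passphrase|secret|token|api_?key", re.I)
XML_DECL = re.compile(r"^\s*<\?xml.*?\?>", re.S)

def find_plaintext_secrets(xml_text, source="<memory>"):
    """Return (source, element path) for every sensitive-looking element
    whose value is not encrypted. The value itself is never returned."""
    # Jenkins writes an XML 1.1 declaration; drop it because Python's
    # XML 1.0 parser may reject it.
    try:
        root = ET.fromstring(XML_DECL.sub("", xml_text, count=1))
    except ET.ParseError:
        return [(source, "<unparseable>")]  # flag for manual review
    findings = []

    def walk(node, path):
        here = f"{path}/{node.tag}"
        value = (node.text or "").strip()
        if SENSITIVE.search(node.tag) and value and not ENCRYPTED.match(value):
            findings.append((source, here))
        for child in node:
            walk(child, here)

    walk(root, "")
    return findings

def scan_jenkins_home(home):
    """Scan the top-level *.xml files, where global plugin configuration
    is persisted, and collect findings from all of them."""
    findings = []
    for cfg in sorted(Path(home).glob("*.xml")):
        text = cfg.read_text(encoding="utf-8", errors="replace")
        findings += find_plaintext_secrets(text, cfg.name)
    return findings

# Constructed sample; tag names and values are hypothetical.
SAMPLE = """<?xml version='1.1' encoding='UTF-8'?>
<example.DashboardGlobalConfig plugin="example-plugin@0.0">
  <serverUrl>https://repo.example.invalid</serverUrl>
  <password>constructed-plaintext-value</password>
  <proxyPassword>{AQAAABAAAAAQZXhhbXBsZS1jaXBoZXJ0ZXh0}</proxyPassword>
</example.DashboardGlobalConfig>"""
```

Run scan_jenkins_home against a copy of the controller's home directory; each finding names the file and element to review, and any credential found this way should be rotated.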

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven)
Affected versions: <= 1.0.10
Patched versions: (none listed)

Patches

0

No patches discovered yet.

References

3
