[jira] [Created] (ZOOKEEPER-4486) The metrics-core-3.2.5.jar on which zookeeper depends has the open-source vulnerability CVE-2022-20621.

caoguangjie (Jira) Fri, 04 Mar 2022 04:22:04 -0800

caoguangjie created ZOOKEEPER-4486:
--------------------------------------

             Summary: The metrics-core-3.2.5.jar on which zookeeper depends has 
the open-source vulnerability CVE-2022-20621.
                 Key: ZOOKEEPER-4486
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4486
             Project: ZooKeeper
          Issue Type: Bug
    Affects Versions: 3.6.3
            Reporter: caoguangjie



|h2. CVE-2022-20621 Detail
h3. Current Description
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in 
its global configuration file on the Jenkins controller where it can be viewed 
by users with access to the Jenkins controller file system.

https://nvd.nist.gov/vuln/detail/CVE-2022-20621

|



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (ZOOKEEPER-4486) The metrics-core-3.2.5.jar on which zookeeper depends has the open-source vulnerability CVE-2022-20621.

Reply via email to