[jira] [Created] (KAFKA-13708) The metrics-core-2.2.0.jar on which Kafak depends has the open-source vulnerability CVE-2022-20621.

caoguangjie (Jira) Fri, 04 Mar 2022 04:16:05 -0800

caoguangjie created KAFKA-13708:
-----------------------------------

             Summary: The metrics-core-2.2.0.jar on which Kafak depends has the 
open-source vulnerability CVE-2022-20621.
                 Key: KAFKA-13708
                 URL: https://issues.apache.org/jira/browse/KAFKA-13708
             Project: Kafka
          Issue Type: Bug
    Affects Versions: 2.7.0
            Reporter: caoguangjie



|h2. CVE-2022-20621 Detail
h3. Current Description
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in 
its global configuration file on the Jenkins controller where it can be viewed 
by users with access to the Jenkins controller file system.


[https://nvd.nist.gov/vuln/detail/CVE-2022-20621]


|



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (KAFKA-13708) The metrics-core-2.2.0.jar on which Kafak depends has the open-source vulnerability CVE-2022-20621.

Reply via email to