[ https://issues.apache.org/jira/browse/KAFKA-13708?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
caoguangjie updated KAFKA-13708:
--------------------------------
Summary: The metrics-core-2.2.0.jar on which kafka depends has the
open-source vulnerability CVE-2022-20621 (was: The metrics-core-2.2.0.jar on
which kafka depends has the open-source vulnerability CVE-2022-20621.)
> The metrics-core-2.2.0.jar on which kafka depends has the open-source
> vulnerability CVE-2022-20621
> --------------------------------------------------------------------------------------------------
>
> Key: KAFKA-13708
> URL: https://issues.apache.org/jira/browse/KAFKA-13708
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 2.7.0
> Reporter: caoguangjie
> Priority: Major
>
> |h2. CVE-2022-20621 Detail
> h3. Current Description
> Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted
> in its global configuration file on the Jenkins controller where it can be
> viewed by users with access to the Jenkins controller file system.
> [https://nvd.nist.gov/vuln/detail/CVE-2022-20621]
> |
--
This message was sent by Atlassian Jira
(v8.20.1#820001)