CVE-2022-28141: 
Java vulnerability analysis and mitigation

CVE-2022-28141 is a security vulnerability discovered in the Jenkins Proxmox Plugin, identified as SECURITY-2079. The vulnerability was disclosed on March 29, 2022, affecting Proxmox Plugin versions 0.5.0 and earlier. This vulnerability involves the exposure of sensitive credentials in plaintext within the Jenkins configuration files (Jenkins Advisory).

The vulnerability is characterized by the storage of Proxmox Datacenter passwords in an unencrypted format within the global config.xml file on the Jenkins controller as part of its configuration. The severity of this vulnerability is rated as Low according to the CVSS scoring system (Jenkins Advisory).

The primary impact of this vulnerability is that users with access to the Jenkins controller file system can view the stored Proxmox Datacenter password in plaintext, potentially compromising the security of the Proxmox infrastructure (Jenkins Advisory).

The vulnerability was addressed in Proxmox Plugin version 0.6.0, which implements encryption for the Proxmox Datacenter password once the configuration is saved again. Users are advised to upgrade to this version or later to mitigate the vulnerability (Jenkins Advisory).

The vulnerability was discovered and reported by multiple security researchers including Daniel Beck from CloudBees, Inc., Long Nguyen from Viettel Cyber Security, and Marc Heyries, demonstrating collaborative efforts in the security community to identify and address Jenkins plugin vulnerabilities (Jenkins Advisory).