Description

An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-847

Related Vulnerabilities

CVE-2018-11787 Vulnerability in maven package org.apache.karaf.webconsole:org.apache.karaf.webconsole.features

CVE-2011-0534 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2018-11788 Vulnerability in maven package org.apache.karaf.specs:org.apache.karaf.specs.java.xml

CVE-2022-4135 Vulnerability in npm package electron

CVE-2022-45386 Vulnerability in maven package org.jenkins-ci.plugins:violations

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory