Description

An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-847

Related Vulnerabilities

CVE-2023-48796 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-standalone-server

CVE-2012-4446 Vulnerability in maven package org.apache.qpid:qpid-common

CVE-2009-2901 Vulnerability in maven package tomcat:catalina

CVE-2020-5413 Vulnerability in maven package org.springframework.integration:spring-integration

CVE-2019-10247 Vulnerability in maven package org.eclipse.jetty:jetty-server

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory