Description

An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-847

Related Vulnerabilities

CVE-2023-27898 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-29510 Vulnerability in maven package org.xwiki.platform:xwiki-platform-localization-source-wiki

CVE-2020-1723 Vulnerability in maven package org.keycloak:keycloak-core

CVE-2014-7810 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-jasper

CVE-2019-1352 Vulnerability in maven package org.webjars.npm:nodegit

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory