Description
A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/03/28/2
http://www.securityfocus.com/bid/107628
https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089
Related Vulnerabilities
CVE-2019-1003000 Vulnerability in maven package org.jenkins-ci.plugins:script-security
CVE-2020-1951 Vulnerability in maven package org.apache.tika:tika-parsers
CVE-2021-27582 Vulnerability in maven package org.mitre:openid-connect-server
CVE-2018-1000865 Vulnerability in maven package org.kohsuke:groovy-sandbox
CVE-2023-43497 Vulnerability in maven package org.jenkins-ci.main:jenkins-core