Description

A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.

Remediation

References

https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089

http://www.openwall.com/lists/oss-security/2019/03/28/2

http://www.securityfocus.com/bid/107628

Related Vulnerabilities

CVE-2022-28220 Vulnerability in maven package org.apache.james.protocols:protocols-api

CVE-2022-4493 Vulnerability in maven package io.scif:scifio

CVE-2022-25349 Vulnerability in maven package org.webjars.npm:materialize-css

CVE-2021-20328 Vulnerability in maven package org.mongodb:mongodb-driver-sync

CVE-2022-43766 Vulnerability in maven package org.apache.iotdb:iotdb-server

Severity

High

Classification

CWE-311 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory Mailing List Third Party Advisory VDB Entry