Description
A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/03/28/2
http://www.securityfocus.com/bid/107628
https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089
Related Vulnerabilities
CVE-2021-3632 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2021-23820 Vulnerability in npm package json-pointer
CVE-2019-10314 Vulnerability in maven package org.jenkins-ci.plugins:koji
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http_2.12
CVE-2020-36321 Vulnerability in maven package com.vaadin:flow-server