Description

A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/03/28/2

http://www.securityfocus.com/bid/107628

https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089

Related Vulnerabilities

CVE-2022-21671 Vulnerability in npm package @replit/crosis

CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-debug-jdk15on

CVE-2017-7683 Vulnerability in maven package org.apache.openmeetings:openmeetings-server

CVE-2023-48796 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-master

CVE-2022-34114 Vulnerability in maven package io.dataease:dataease-plugin-common

Severity

High

Classification

CWE-311 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory VDB Entry Vendor Advisory