CVE-2019-10378 Vulnerability in maven package org.jenkins-ci.plugins:testlink

Description

Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1428

https://www.zerodayinitiative.com/advisories/ZDI-19-839/

Related Vulnerabilities

CVE-2023-34981 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2019-1003073 Vulnerability in maven package org.jenkins-ci.plugins:vsts-cd

CVE-2020-7663 Vulnerability in npm package websocket-extensions

CVE-2020-17518 Vulnerability in maven package org.apache.flink:flink-runtime_2.12

CVE-2018-14721 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L