Description

Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1439

Related Vulnerabilities

CVE-2019-10475 Vulnerability in maven package org.jenkins-ci.plugins:build-metrics

CVE-2017-1000388 Vulnerability in maven package org.jenkins-ci.plugins:depgraph-view

CVE-2020-11973 Vulnerability in maven package org.apache.camel:camel-netty

CVE-2013-4286 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2023-32988 Vulnerability in maven package org.jenkins-ci.plugins:azure-vm-agents

Severity

Medium

Classification

CWE-312 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory