Description

Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1439

Related Vulnerabilities

CVE-2023-24445 Vulnerability in maven package org.jenkins-ci.plugins:openid

CVE-2018-1999035 Vulnerability in maven package com.inedo.buildmaster:inedo-buildmaster

CVE-2018-11537 Vulnerability in maven package org.webjars:angular-jwt

CVE-2020-35216 Vulnerability in maven package io.atomix:atomix

CVE-2019-12404 Vulnerability in maven package org.apache.jspwiki:jspwiki-war

Severity

Medium

Classification

CWE-312 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory