Description

Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1554

http://www.openwall.com/lists/oss-security/2019/11/21/1

Related Vulnerabilities

CVE-2023-32314 Vulnerability in maven package org.webjars.npm:vm2

CVE-2021-43859 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2023-31101 Vulnerability in maven package org.apache.inlong:manager-service

CVE-2023-34603 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-parent

CVE-2021-32803 Vulnerability in npm package tar

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory Mailing List Third Party Advisory