Description

Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Remediation

References

https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2057

Related Vulnerabilities

CVE-2020-11989 Vulnerability in maven package org.apache.shiro:shiro-web

CVE-2020-35460 Vulnerability in maven package net.sf.mpxj:mpxj

CVE-2022-38723 Vulnerability in maven package io.gravitee.apim.rest.api:gravitee-apim-rest-api-service

CVE-2021-21345 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2022-23944 Vulnerability in maven package org.apache.shenyu:shenyu-common

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory