Description

Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Remediation

References

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2066

Related Vulnerabilities

CVE-2020-2202 Vulnerability in maven package org.jenkins-ci.plugins:fortify-on-demand-uploader

CVE-2020-10758 Vulnerability in maven package org.keycloak:keycloak-wildfly-server-subsystem

CVE-2022-46682 Vulnerability in maven package org.jenkins-ci.plugins:plot

CVE-2018-1000187 Vulnerability in maven package org.csanchez.jenkins.plugins:kubernetes

CVE-2022-39248 Vulnerability in maven package org.matrix.android:matrix-android-sdk2

Severity

High

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory