Description

Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Remediation

References

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2066

Related Vulnerabilities

CVE-2017-8039 Vulnerability in maven package org.springframework.webflow:spring-webflow

CVE-2023-34464 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2020-26217 Vulnerability in maven package xstream:xstream

CVE-2021-31405 Vulnerability in maven package com.vaadin:vaadin-text-field-flow

CVE-2019-17640 Vulnerability in maven package io.vertx:vertx-core

Severity

High

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory