Description

Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Remediation

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2091

Related Vulnerabilities

CVE-2023-30515 Vulnerability in maven package io.jenkins.plugins:thycotic-devops-secrets-vault

CVE-2020-6460 Vulnerability in npm package electron

CVE-2020-13943 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2019-12423 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-security-jose

CVE-2020-15087 Vulnerability in maven package io.prestosql:presto-main

Severity

Medium

Classification

CWE-312 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory