Description

An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-847

Related Vulnerabilities

CVE-2022-22965 Vulnerability in maven package org.springframework:spring-webmvc

CVE-2023-25761 Vulnerability in maven package org.jenkins-ci.plugins:junit

CVE-2017-7957 Vulnerability in maven package org.hudsonci.tools:xstream

CVE-2011-2204 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2018-19837 Vulnerability in npm package node-sass

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory