Description

An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-847

Related Vulnerabilities

CVE-2023-39956 Vulnerability in npm package electron

CVE-2020-2254 Vulnerability in maven package io.jenkins.blueocean:blueocean-parent

CVE-2020-2309 Vulnerability in maven package org.csanchez.jenkins.plugins:kubernetes

CVE-2021-21348 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2015-0250 Vulnerability in maven package batik:batik-transcoder

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory