Description

A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/03/28/2

http://www.securityfocus.com/bid/107628

https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089

Related Vulnerabilities

CVE-2019-10389 Vulnerability in maven package org.jenkins-ci.plugins:relution-publisher

CVE-2019-16777 Vulnerability in maven package org.webjars.bower:npm

CVE-2022-21704 Vulnerability in npm package log4js

CVE-2022-0654 Vulnerability in npm package requestretry

CVE-2023-40351 Vulnerability in maven package org.jenkins-ci.plugins:favorite-view

Severity

High

Classification

CWE-311 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory VDB Entry Vendor Advisory