Description

A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/03/28/2

http://www.securityfocus.com/bid/107628

https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089

Related Vulnerabilities

CVE-2022-46907 Vulnerability in maven package org.apache.jspwiki:jspwiki-main

CVE-2022-36900 Vulnerability in maven package com.compuware.jenkins:compuware-zadviser-api

CVE-2022-36898 Vulnerability in maven package com.compuware.jenkins:compuware-ispw-operations

CVE-2022-31147 Vulnerability in npm package jquery-validation

CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-nifi-parent

Severity

High

Classification

CWE-311 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory VDB Entry Vendor Advisory