Description
A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/03/28/2
http://www.securityfocus.com/bid/107628
https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089
Related Vulnerabilities
CVE-2020-36189 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2023-30520 Vulnerability in maven package org.jenkins-ci.plugins:quayio-trigger
CVE-2016-0706 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2019-10244 Vulnerability in maven package org.eclipse.kura:kura
CVE-2019-12041 Vulnerability in maven package org.webjars.bowergithub.jonschlinkert:remarkable