Description

A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/03/28/2

http://www.securityfocus.com/bid/107628

https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089

Related Vulnerabilities

CVE-2019-15953 Vulnerability in npm package total.js

CVE-2022-42003 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2020-7693 Vulnerability in npm package sockjs

CVE-2019-14863 Vulnerability in maven package org.webjars.bower:angular

CVE-2020-7676 Vulnerability in maven package org.webjars.npm:angular

Severity

High

Classification

CWE-311 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory VDB Entry Vendor Advisory