Description

A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/03/28/2

http://www.securityfocus.com/bid/107628

https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089

Related Vulnerabilities

CVE-2020-22864 Vulnerability in npm package froala-editor

CVE-2020-6468 Vulnerability in maven package org.webjars.npm:electron

CVE-2019-12041 Vulnerability in maven package org.webjars.bowergithub.jonschlinkert:remarkable

CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty.http3:http3-qpack

CVE-2021-21294 Vulnerability in maven package org.http4s:http4s-blaze-server_2.13

Severity

High

Classification

CWE-311 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory VDB Entry Vendor Advisory