Description

Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/09/16/3

https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-2014

Related Vulnerabilities

CVE-2020-26301 Vulnerability in npm package ssh2

CVE-2020-15256 Vulnerability in npm package object-path-set

CVE-2022-22885 Vulnerability in maven package cn.hutool:hutool-http

CVE-2018-19837 Vulnerability in npm package node-sass

CVE-2020-7707 Vulnerability in maven package org.webjars.npm:property-expr

Severity

Medium

Classification

CWE-312 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory Vendor Advisory