Description

Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Remediation

References

https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2057

Related Vulnerabilities

CVE-2021-45457 Vulnerability in maven package org.apache.kylin:kylin-server

CVE-2023-0481 Vulnerability in maven package io.quarkus.resteasy.reactive:resteasy-reactive-common

CVE-2014-3625 Vulnerability in maven package org.springframework:spring-webmvc

CVE-2020-14446 Vulnerability in maven package org.wso2.carbon.identity.framework:org.wso2.carbon.policyeditor.ui

CVE-2023-34245 Vulnerability in npm package @udecode/plate-link

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory