Description

Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Remediation

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2091

Related Vulnerabilities

CVE-2023-33007 Vulnerability in maven package org.jenkins-ci.plugins:loadcomplete

CVE-2023-28677 Vulnerability in maven package org.jenkins-ci.plugins:convert-to-pipeline

CVE-2020-2206 Vulnerability in maven package org.jenkins-ci.plugins:vncrecorder

CVE-2020-6461 Vulnerability in maven package org.webjars.npm:electron

CVE-2023-46119 Vulnerability in npm package parse-server

Severity

Medium

Classification

CWE-312 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory