Описание
Jenkins QMetry for JIRA Plugin shows plain text password in configuration form
Jenkins QMetry for JIRA - Test Management Plugin stores a credential as part of its post-build step configuration.
While the password is stored encrypted on disk since QMetry for JIRA - Test Management Plugin 1.13, it is transmitted in plain text as part of the configuration form. This can result in exposure of the password through browser extensions, cross-site scripting vulnerabilities, and similar situations.
Пакеты
Наименование
org.jenkins-ci.plugins:qmetry-for-jira-test-management
maven
Затронутые версииВерсия исправления
<= 1.13
1.14.0
Связанные уязвимости
CVSS3: 6.5
nvd
около 6 лет назад
Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.