Описание
Password stored in plain text by Jenkins HP ALM Quality Center Plugin
HP ALM Quality Center Plugin 1.6 and earlier stores a password in plain text in its global configuration file org.jenkinsci.plugins.qc.QualityCenterIntegrationRecorder.xml. This password can be viewed by users with access to the Jenkins controller file system.
Пакеты
Наименование
org.jenkins-ci.plugins:hp-quality-center
maven
Затронутые версииВерсия исправления
<= 1.6
Отсутствует
Связанные уязвимости
CVSS3: 3.3
nvd
больше 5 лет назад
Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.