Описание
Jenkins PRQA Plugin stored password in plain text
Jenkins PRQA Plugin stored a password unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system.
The plugin now stores the password encrypted in the configuration files on disk.
Пакеты
Наименование
com.programmingresearch:prqa-plugin
maven
Затронутые версииВерсия исправления
< 3.1.2
3.1.2
Связанные уязвимости
CVSS3: 7.8
nvd
почти 7 лет назад
A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.