Описание
Credentials stored in plain text by Zephyr Enterprise Test Management Plugin
Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text in the global configuration file com.thed.zephyr.jenkins.reporter.ZeeReporter.xml. This password can be viewed by users with access to the Jenkins controller file system.
Zephyr Enterprise Test Management Plugin 1.10 integrates with Credentials Plugin.
Пакеты
Наименование
org.jenkins-ci.plugins:zephyr-enterprise-test-management
maven
Затронутые версииВерсия исправления
< 1.10
1.10
Связанные уязвимости
CVSS3: 5.5
nvd
почти 6 лет назад
Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system.