Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS14Y3A1LWo1ZmotM3hwNs4AAs8v

User passwords stored in plain text by Jenkins EasyQA Plugin

EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file EasyQAPluginProperties.xml on the Jenkins controller as part of its configuration.

These passwords can be viewed by users with access to the Jenkins controller file system.

Permalink: https://github.com/advisories/GHSA-xcp5-j5fj-3xp6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Y3A1LWo1ZmotM3hwNs4AAs8v
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago


CVSS Score: 3.3
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-xcp5-j5fj-3xp6, CVE-2022-34202
References: Blast Radius: 1.0

Affected Packages

maven:com.geteasyqa:easyqa
Affected Version Ranges: <= 1.0
No known fixed version