Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14Y3A1LWo1ZmotM3hwNs4AAs8v
User passwords stored in plain text by Jenkins EasyQA Plugin
EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file EasyQAPluginProperties.xml on the Jenkins controller as part of its configuration.
These passwords can be viewed by users with access to the Jenkins controller file system.
Permalink: https://github.com/advisories/GHSA-xcp5-j5fj-3xp6JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Y3A1LWo1ZmotM3hwNs4AAs8v
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
CVSS Score: 3.3
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-xcp5-j5fj-3xp6, CVE-2022-34202
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-34202
- https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2066
- https://github.com/advisories/GHSA-xcp5-j5fj-3xp6
Affected Packages
maven:com.geteasyqa:easyqa
Affected Version Ranges: <= 1.0No known fixed version