Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14djU4LWdwNDMtNm03Ns4AAjxo
Credentials stored in plain text by Zephyr Enterprise Test Management Plugin
Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text in the global configuration file com.thed.zephyr.jenkins.reporter.ZeeReporter.xml
. This password can be viewed by users with access to the Jenkins controller file system.
Zephyr Enterprise Test Management Plugin 1.10 integrates with Credentials Plugin.
Permalink: https://github.com/advisories/GHSA-xv58-gp43-6m76JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14djU4LWdwNDMtNm03Ns4AAjxo
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: 6 months ago
CVSS Score: 3.3
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-xv58-gp43-6m76, CVE-2020-2145
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-2145
- https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1596
- http://www.openwall.com/lists/oss-security/2020/03/09/1
- https://github.com/advisories/GHSA-xv58-gp43-6m76
Affected Packages
maven:org.jenkins-ci.plugins:zephyr-enterprise-test-management
Affected Version Ranges: < 1.10Fixed in: 1.10