Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1teG13LTZxZ2otaDY3eM33gg
Jenkins PRQA Plugin stored password in plain text
Jenkins PRQA Plugin stored a password unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system.
The plugin now stores the password encrypted in the configuration files on disk.
Permalink: https://github.com/advisories/GHSA-mxmw-6qgj-h67xJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1teG13LTZxZ2otaDY3eM33gg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: 6 months ago
CVSS Score: 3.3
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-mxmw-6qgj-h67x, CVE-2019-1003048
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-1003048
- https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089
- http://www.openwall.com/lists/oss-security/2019/03/28/2
- https://web.archive.org/web/20200227082607/http://www.securityfocus.com/bid/107628
- https://github.com/advisories/GHSA-mxmw-6qgj-h67x
Affected Packages
maven:com.programmingresearch:prqa-plugin
Affected Version Ranges: < 3.1.2Fixed in: 3.1.2