Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1wd2c3LTRoeHYtdjRjd84AAivO

Plaintext Storage in Jenkins Spira Importer Plugin

Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Permalink: https://github.com/advisories/GHSA-pwg7-4hxv-v4cw
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wd2c3LTRoeHYtdjRjd84AAivO
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago

Identifiers: GHSA-pwg7-4hxv-v4cw, CVE-2019-16543
References:

https://nvd.nist.gov/vuln/detail/CVE-2019-16543
https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1554
http://www.openwall.com/lists/oss-security/2019/11/21/1
https://github.com/advisories/GHSA-pwg7-4hxv-v4cw

Blast Radius: 1.0

Affected Packages

maven:com.inflectra.spiratest.plugins:inflectra-spira-integration

Affected Version Ranges: < 3.2.3
Fixed in: 3.2.3