CVE-2018-1000425

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1000425

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000425.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1000425

Aliases

GHSA-3ccq-gccx-pm7j

Published

2019-01-09T23:29:02Z

Modified

2024-09-03T02:01:27.225277Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube.

References

Affected packages

Git / github.com/jenkinsci/sonarqube-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/sonarqube-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0a63a7707741d056d9b52ac9e338a0222e7359f6

Affected versions

2.*

2.0

2.0.1

2.1

2.2

2.2.1

2.3

2.4-RC1

2.4-RC2

2.4.1-RC1

2.4.1-RC2

2.4.2

2.4.2-rc1

2.4.3

2.4.3-rc1

2.4.4

2.4.4-rc1

2.6.1

sonar-1.*

sonar-1.6

sonar-1.6.1

sonar-1.7

sonar-1.7.1

sonar-1.7.2

sonar-1.8

sonar-1.8.1

sonar-2.*

sonar-2.5

sonar-2.6

sonar-2.7

sonar-2.7.1

sonar-2.8