CVE-2021-21614

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-21614

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21614.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-21614

Aliases

GHSA-8v72-qr3h-c6rv

Published

2021-01-13T16:15:14.350Z

Modified

2026-03-14T10:43:35.190373Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

References

https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2156

Affected packages

Git / github.com/jenkinsci/bumblebee-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/bumblebee-plugin

Events

Introduced

Last affected

2c515924c78d59b141aab934dcbebd16a508ede6

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1.5"
        }
    ]
}

Affected versions

bumblebee-3.*

bumblebee-3.0.0

bumblebee-3.0.1

bumblebee-3.0.2

bumblebee-3.0.3

bumblebee-4.*

bumblebee-4.0.0

bumblebee-4.0.1

bumblebee-4.0.2

bumblebee-4.0.3

bumblebee-4.0.4

bumblebee-4.0.5

bumblebee-4.0.6

bumblebee-4.0.7

bumblebee-4.0.8

bumblebee-4.0.9

bumblebee-4.1.0

bumblebee-4.1.1

bumblebee-4.1.2

bumblebee-4.1.3

bumblebee-4.1.4

bumblebee-4.1.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21614.json"