GHSA-7hp3-5w4x-8f7c
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7hp3-5w4x-8f7c
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7hp3-5w4x-8f7c/GHSA-7hp3-5w4x-8f7c.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7hp3-5w4x-8f7c
- Aliases
-
- CVE-2019-10451
- Published
- 2022-05-24T16:58:50Z
- Modified
- 2024-02-16T08:08:34.873575Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Jenkins SOASTA CloudTest Plugin stores API token in plain text
- Details
-
Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file
com.soasta.jenkins.CloudTestServer.xmlon the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system.As of publication of this advisory there is no fix.
- Database specific
{ "nvd_published_at": "2019-10-16T14:15:00Z", "cwe_ids": [ "CWE-312" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-10-27T15:46:33Z" }- References
Affected packages
Maven / com.soasta.jenkins:cloudtest
Package
- Name
- com.soasta.jenkins:cloudtest
- View open source insights on deps.dev
- Purl
- pkg:maven/com.soasta.jenkins/cloudtest