GHSA-cr98-64h9-g8cg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-cr98-64h9-g8cg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cr98-64h9-g8cg/GHSA-cr98-64h9-g8cg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-cr98-64h9-g8cg
- Aliases
-
- CVE-2019-10282
- Published
- 2022-05-13T01:15:02Z
- Modified
- 2024-02-16T08:19:34.534815Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Jenkins Klaros-Testmanagement Plugin stores credentials in plain text
- Details
-
Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job
config.xmlfiles on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. - Database specific
{ "nvd_published_at": "2019-04-04T16:29:00Z", "cwe_ids": [ "CWE-522" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-10-26T15:24:42Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-10282
- https://github.com/jenkinsci/klaros-testmanagement-plugin/commit/7bab10557cc79918f8d61bb92652a7cafb154c22
- https://github.com/jenkinsci/klaros-testmanagement-plugin
- https://jenkins.io/security/advisory/2019-04-03/#SECURITY-843
- http://www.openwall.com/lists/oss-security/2019/04/12/2
Affected packages
Maven / hudson.plugins.klaros:klaros-testmanagement
Package
- Name
- hudson.plugins.klaros:klaros-testmanagement
- View open source insights on deps.dev
- Purl
- pkg:maven/hudson.plugins.klaros/klaros-testmanagement