GHSA-m365-98j8-w96w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m365-98j8-w96w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m365-98j8-w96w/GHSA-m365-98j8-w96w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m365-98j8-w96w
- Aliases
- Published
- 2022-05-24T17:10:29Z
- Modified
- 2024-02-16T08:09:54.906904Z
- Severity
-
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text
- Details
-
Zephyr for JIRA Test Management Plugin 1.5 and earlier stores Jira credentials unencrypted in its global configuration file
com.thed.zephyr.jenkins.reporter.ZfjReporter.xmlon the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system. - Database specific
{ "nvd_published_at": "2020-03-09T16:15:00Z", "cwe_ids": [ "CWE-256", "CWE-312" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2023-01-06T17:03:57Z" }- References
Affected packages
Maven / org.jenkins-ci.plugins:zephyr-for-jira-test-management
Package
- Name
- org.jenkins-ci.plugins:zephyr-for-jira-test-management
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/zephyr-for-jira-test-management