GHSA-mxmw-6qgj-h67x

Source

https://github.com/advisories/GHSA-mxmw-6qgj-h67x

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mxmw-6qgj-h67x/GHSA-mxmw-6qgj-h67x.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mxmw-6qgj-h67x

Aliases

CVE-2019-1003048

Published

2022-05-13T01:15:11Z

Modified

2024-02-16T08:23:34.342510Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Jenkins PRQA Plugin stored password in plain text

Details

Jenkins PRQA Plugin stored a password unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system.

The plugin now stores the password encrypted in the configuration files on disk.

Database specific

{
    "nvd_published_at": "2019-03-28T18:29:00Z",
    "cwe_ids": [
        "CWE-311"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-26T14:23:27Z"
}

References

Affected packages

Maven / com.programmingresearch:prqa-plugin

Package

Name: com.programmingresearch:prqa-plugin; View open source insights on deps.dev
Purl: pkg:maven/com.programmingresearch/prqa-plugin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2

Affected versions

2.*

2.0.9

2.0.11

2.0.12

2.1.0

3.*

3.0.0

3.0.1

3.1.0