GHSA-xv58-gp43-6m76

Source

https://github.com/advisories/GHSA-xv58-gp43-6m76

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xv58-gp43-6m76/GHSA-xv58-gp43-6m76.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-xv58-gp43-6m76

Aliases

CVE-2020-2145

Published

2022-05-24T17:10:28Z

Modified

2024-02-16T08:06:20.826758Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Credentials stored in plain text by Zephyr Enterprise Test Management Plugin

Details

Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text in the global configuration file com.thed.zephyr.jenkins.reporter.ZeeReporter.xml. This password can be viewed by users with access to the Jenkins controller file system.

Zephyr Enterprise Test Management Plugin 1.10 integrates with Credentials Plugin.

Database specific

{
    "nvd_published_at": "2020-03-09T16:15:00Z",
    "cwe_ids": [
        "CWE-256",
        "CWE-522"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-14T05:23:40Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:zephyr-enterprise-test-management

Package

Name: org.jenkins-ci.plugins:zephyr-enterprise-test-management; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/zephyr-enterprise-test-management

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10

Affected versions

1.*

1.0

1.1

1.2

1.3

1.4

1.5

1.6

1.8

1.9

1.9.1