CVE-2019-1003048 – com.programmingresearch:prqa-plugin

Package

Manager: maven
Name: com.programmingresearch:prqa-plugin
Vulnerable Version: >=0 <3.1.2

Severity

Level: Low

CVSS v3.1: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00015 pctl0.01991

Details

Jenkins PRQA Plugin stored password in plain text Jenkins PRQA Plugin stored a password unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. The plugin now stores the password encrypted in the configuration files on disk.

Metadata

Created: 2022-05-13T01:15:11Z
Modified: 2023-10-26T14:23:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mxmw-6qgj-h67x/GHSA-mxmw-6qgj-h67x.json
CWE IDs: ["CWE-311"]
Alternative ID: GHSA-mxmw-6qgj-h67x
Finding: F020
Auto approve: 1