CVE-2013-5676 – org.jenkins-ci.plugins:sonar
Package
Manager: maven
Name: org.jenkins-ci.plugins:sonar
Vulnerable Version: >=0 <=3.7
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:R
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.05307 (percentile 0.89644)
Details
Jenkins SonarQube Plugin Stores Passwords in Cleartext
The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure.
Metadata
Created: 2022-05-17T04:56:20Z
Modified: 2025-03-13T19:18:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3x9h-3p7m-33m7/GHSA-3x9h-3p7m-33m7.json
CWE IDs: ["CWE-312"]
Alternative ID: GHSA-3x9h-3p7m-33m7
Finding: F020
Auto approve: 1