Description

Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Related CPE's

a

jenkins

squash_tm_publisher

*

*

*

*

*

jenkins

Vulnerable

References

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2089

Vendor Advisory

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2089

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-522

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-06-23T15:15:18.083Z

3 years ago

Last modified

2024-11-21T06:09:04.513Z

1 year ago