PT-2013-5722 · Jenkins · Jenkins Plugin For Sonarqube
Christian Catalano +1 · Published 2013-12-13 · Updated 2022-05-17 · CVE-2013-5676
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Jenkins Plugin for SonarQube versions 3.7 and earlier
Description
The issue allows remote authenticated users to obtain sensitive information, specifically cleartext passwords, by reading the value in the sonarPassword parameter from the jenkins/configure page.
Recommendations
For Jenkins Plugin for SonarQube versions 3.7 and earlier, consider restricting access to the jenkins/configure page to minimize the risk of exploitation. Avoid using the sonarPassword parameter in the affected configuration until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Cleartext Storage of Sensitive Information
Affected products
Jenkins Plugin For Sonarqube