CVE-2018-1999031

Name of the Vulnerable Software and Affected Versions Jenkins meliora-testlab Plugin versions 1.14 and earlier

Description The issue allows attackers with file system access to the Jenkins master to obtain the API key stored in the plugin's configuration. This is due to the API key not being properly secured. In affected versions, the API key is stored in plain text and is visible to users viewing the configuration form.

Recommendations For Jenkins meliora-testlab Plugin versions 1.14 and earlier, update to version 1.15 or later, which stores the API key encrypted in the configuration files and no longer transfers it to users in plain text.