PT-2018-15210 · Jenkins · Jenkins Meliora-Testlab Plugin+1

Viktor Gazdag

Published

2018-08-01

Updated

2022-05-14

CVE-2018-1999031

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jenkins meliora-testlab Plugin versions 1.14 and earlier

Description The issue allows attackers with file system access to the Jenkins master to obtain the API key stored in the plugin's configuration. This is due to the API key not being properly secured. In affected versions, the API key is stored in plain text and is visible to users viewing the configuration form.

Recommendations For Jenkins meliora-testlab Plugin versions 1.14 and earlier, update to version 1.15 or later, which stores the API key encrypted in the configuration files and no longer transfers it to users in plain text.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-1999031

GHSA-3HW6-GC8H-9243

Affected Products

Jenkins

Jenkins Meliora-Testlab Plugin

PT-2018-15210 · Jenkins · Jenkins Meliora-Testlab Plugin+1

CVE-2018-1999031

Weakness Enumeration

Related Identifiers

Affected Products

References · 6