PT-2023-19614 · Jenkins · Jenkins Testquality Updater Plugin+1
Long Nguyen
·
Published
2023-01-24
·
Updated
2023-02-02
·
CVE-2023-24454
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins TestQuality Updater Plugin version 1.3 and earlier
Description
The issue concerns the storage of the TestQuality Updater password in the global configuration file on the Jenkins controller. This password is stored unencrypted, allowing users with access to the Jenkins controller file system to view it.
Recommendations
For Jenkins TestQuality Updater Plugin version 1.3 and earlier, update the plugin to a version that securely stores the TestQuality Updater password.
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Jenkins
Jenkins Testquality Updater Plugin