CVE-2019-10378

LOW3.3EPSS 0.02%

Jenkins TestLink Plugin stores credentials in plain text

Published: 5/24/2022Modified: 2/16/2024

Description

Jenkins TestLink Plugin stores credentials unencrypted in its global configuration file hudson.plugins.testlink.TestLinkBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no fix.

Affected packages (1)

Maven/org.jenkins-ci.plugins:testlinkfrom 0, <= 3.16

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	LOW3.3	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-10378
WEBhttps://jenkins.io/security/advisory/2019-08-07/#SECURITY-1428
WEBhttp://www.openwall.com/lists/oss-security/2019/08/07/1