CVE-2019-10451
MEDIUM4.3EPSS 0.02%Jenkins SOASTA CloudTest Plugin stores API token in plain text
Published: 5/24/2022Modified: 2/16/2024
Description
Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file `com.soasta.jenkins.CloudTestServer.xml` on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. As of publication of this advisory there is no fix.
Affected packages (1)
- Maven/com.soasta.jenkins:cloudtestfrom 0, <= 2.25
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |