CVE-2013-5676

Sonarsource Jenkins Plugin - Cryptographic Issue

Title source: rule

Description

The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure.

Exploits (1)

exploitdb WRITEUP

by Christian Catalano · textwebappsphp

https://www.exploit-db.com/exploits/30409

View Code ZIP pw:eip

References (2)

[Mailing List] http://seclists.org/fulldisclosure/2013/Dec/37

[Third Party Advisory, VDB Entry] http://www.osvdb.org/100666

Scores

EPSS 0.0531

EPSS Percentile 90.1%

Details

CWE

CWE-310

Status published

Products (2)

org.jenkins-ci.plugins/sonar 0Maven

sonarsource/jenkins_plugin

Published Dec 13, 2013

Tracked Since Feb 18, 2026