CVE-2019-1003048

HIGH

Jenkins PRQA Plugin <3.1.0 - Info Disclosure

Title source: llm

Description

A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.

References (3)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2019/03/28/2

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/107628

[Vendor Advisory] https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 1.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-311

Status published

Products (2)

com.programmingresearch/prqa-plugin 0 - 3.1.2Maven

jenkins/prqa < 3.1.0

Published Mar 28, 2019

Tracked Since Feb 18, 2026