Description
A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.
References (3)
Core 3
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/03/28/2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107628
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089
Scores
CVSS v3
7.8
EPSS
0.0030
EPSS Percentile
21.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-311
Status
published
Products (2)
com.programmingresearch/prqa-plugin
0 - 3.1.2Maven
jenkins/prqa
< 3.1.0
Published
Mar 28, 2019
Tracked Since
Feb 18, 2026