CVE ID | |
CVSS SCORE | 3.3, AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
AFFECTED VENDORS |
Jenkins |
AFFECTED PRODUCTS |
View26 Test-Reporting |
VULNERABILITY DETAILS |
This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins View26 Test-Reporting. Authentication is required to exploit this vulnerability. The specific flaw exists within the View26 Test-Reporting plugin. The issue results from storing credentials in plaintext. An attacker can leverage this vulnerability to execute code in the context of the build process. |
ADDITIONAL DETAILS |
This vulnerability is being disclosed publicly without a patch in accordance with ZDI policies. 06/18/19 - ZDI reported the vulnerability to the vendor -- Mitigation: |
DISCLOSURE TIMELINE |
|
CREDIT | David Fiser (Trend Micro Team Nebula) |