Sensitive Information Exposure in Jenkins Plugin for SonarQube
CVE-2013-5676

Currently unrated

Key Information:

Vendor
CVE Published: 13 December 2013

What is CVE-2013-5676?

The Jenkins Plugin for SonarQube versions 3.7 and earlier contains a vulnerability that allows remote authenticated users to access sensitive information. Specifically, the vulnerability permits users to read the sonar.sonarPassword parameter from the jenkins/configure page, revealing cleartext passwords. This exposure can lead to unauthorized access and compromise of sensitive data within the Jenkins environment.
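The exposure described above can be checked for in a saved copy of the configuration page. The following is an added example, not code from the plugin or from this advisory: it flags any `sonar.sonarPassword` form field that carries a value in the page source. The markup, the `example.username` field and the function names are constructed assumptions about how such a field might be rendered.

```python
from html.parser import HTMLParser

# Parameter name taken from the CVE description; extend the set for other audits.
SENSITIVE_NAMES = {"sonar.sonarPassword"}


class _SecretFieldAuditor(HTMLParser):
    """Collects <input> fields that carry a sensitive value in the page source."""

    def __init__(self, sensitive_names):
        super().__init__()
        self.sensitive_names = sensitive_names
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        attr = {k: (v or "") for k, v in attrs}
        name, value = attr.get("name", ""), attr.get("value", "")
        if name in self.sensitive_names and value:
            # Record only the length so the audit output never repeats the secret.
            self.findings.append({
                "name": name,
                "type": attr.get("type", "text").lower(),
                "value_length": len(value),
            })


def audit_config_page(html, sensitive_names=SENSITIVE_NAMES):
    # Returns one finding per sensitive field whose value is present in the HTML.
    auditor = _SecretFieldAuditor(set(sensitive_names))
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample markup (assumed rendering, not captured from Jenkins).
VULNERABLE_PAGE = """
<form action="configSubmit">
  <input type="text" name="example.username" value="ci-bot">
  <input type="password" name="sonar.sonarPassword" value="example-secret">
</form>
"""
FIXED_PAGE = VULNERABLE_PAGE.replace('value="example-secret"', 'value=""')

if __name__ == "__main__":
    for label, page in (("vulnerable", VULNERABLE_PAGE), ("fixed", FIXED_PAGE)):
        print(label, audit_config_page(page))
```

A field with `type="password"` is still reported, because masking on screen does not remove the value from the page source that every user with access to the page receives.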

References

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
