Sensitive Information Exposure in Jenkins Plugin for SonarQube
CVE-2013-5676

Currently unrated

Key Information:

Vendor

Sonarsource

Status
Jenkins Plugin
Vendor
CVE Published:
13 December 2013

What is CVE-2013-5676?

The Jenkins Plugin for SonarQube versions 3.7 and earlier contains a vulnerability that allows remote authenticated users to access sensitive information. Specifically, the vulnerability permits users to read the sonar.sonarPassword parameter from the jenkins/configure page, revealing cleartext passwords. This exposure can lead to unauthorized access and compromise of sensitive data within the Jenkins environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://seclists.org/fulldisclosure/2013/Dec/37
mailing-listx_refsource_FULLDISC
http://www.osvdb.org/100666
vdb-entryx_refsource_OSVDB

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.