Sensitive Credential Exposure in Jenkins QMetry for JIRA Test Management Plugin
CVE-2019-16545

6.5MEDIUM

Key Information:

Vendor
Jenkins
Status
Jenkins Qmetry For Jira - Test Management Plugin
Vendor
CVE Published:
21 November 2019

Summary

The Jenkins QMetry for JIRA - Test Management Plugin exposes sensitive credentials by transmitting them in plain text within job configuration forms. This flaw raises significant security concerns, as it can allow unauthorized parties to access confidential information. Users and administrators should assess and remediate the exposure risk by ensuring secure handling of sensitive data and implementing robust security policies.

Affected Version(s)

Jenkins QMetry for JIRA - Test Management Plugin 1.13 and earlier

References

https://jenkins.io/security/advisory/2019-11-21/#SECURITY...
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2019/11/21/1
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.