Unencrypted Credential Storage in Jenkins TraceTronic ECU-TEST Plugin
CVE-2021-21612

5.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Tracetronic Ecu-test Plugin
Vendor: CVE Published:; 13 January 2021

What is CVE-2021-21612?

The Jenkins TraceTronic ECU-TEST Plugin prior to version 2.23.1 has a vulnerability that allows the exposure of sensitive credentials. These credentials are stored in the global configuration file on the Jenkins controller without encryption. As a result, any user with access to the Jenkins controller's file system can easily view these credentials, potentially leading to unauthorized access and further security breaches.

Affected Version(s)

Jenkins TraceTronic ECU-TEST Plugin <= 2.23.1

References

https://www.jenkins.io/security/advisory/2021-01-13/#SECU...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 13, 2021
Vulnerability Reserved
Jan 4, 2021