CVE-2013-5676

The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:sonarsource:jenkins_plugin:-:-:-:*:-:sonarqube:*:*
cpe:2.3:a:sonarsource:sonarqube:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-12-13 18:55

Updated : 2024-02-28 12:00


NVD link : CVE-2013-5676

Mitre link : CVE-2013-5676

CVE.ORG link : CVE-2013-5676


JSON object : View

Products Affected

sonarsource

  • jenkins_plugin
  • sonarqube
CWE
CWE-310

Cryptographic Issues