CVE-2013-5676

The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:sonarsource:jenkins_plugin:-:-:-:*:-:sonarqube:*:*
cpe:2.3:a:sonarsource:sonarqube:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:57

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2013/Dec/37 - () http://seclists.org/fulldisclosure/2013/Dec/37 -
References () http://www.osvdb.org/100666 - () http://www.osvdb.org/100666 -

Information

Published : 2013-12-13 18:55

Updated : 2024-11-21 01:57


NVD link : CVE-2013-5676

Mitre link : CVE-2013-5676

CVE.ORG link : CVE-2013-5676


JSON object : View

Products Affected

sonarsource

  • sonarqube
  • jenkins_plugin
CWE
CWE-310

Cryptographic Issues