Insufficiently Protected Credentials Affecting org.jenkins-ci.plugins:codebeamer-result-trend-updater package, versions [,1.1.4)
Snyk CVSS: Attack Complexity Low
- Snyk ID SNYK-JAVA-ORGJENKINSCIPLUGINS-449959
- published 4 Jul 2019
- disclosed 25 Mar 2019
- credit Viktor Gazdag
How to fix?
Upgrade org.jenkins-ci.plugins:codebeamer-result-trend-updater to version 1.1.4 or higher.
Overview
org.jenkins-ci.plugins:codebeamer-result-trend-updater is a Post-Build plugin for updating a Wiki page on codeBeamer ALM with the Test Result Trend from Jenkins.
Affected versions of this package are vulnerable to Insufficiently Protected Credentials. The plugin stored username and password in its configuration unencrypted in jobs' config.xml files on the Jenkins master.
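
An audit for the condition described above, as an added example that is not part of the advisory or the plugin's code: it walks the job config.xml files under a Jenkins home and reports password elements whose value is not in the `{base64}` form Jenkins uses for encrypted `hudson.util.Secret` values. The element names in the sample are hypothetical (the advisory does not give the plugin's XML schema), and matching on tag names containing "password" is an assumed heuristic.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Jenkins writes hudson.util.Secret values to XML as "{<base64>}".
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Jenkins emits an XML 1.1 declaration, which Python's expat parser rejects.
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")

def plaintext_passwords(xml_text):
    """Return (parent tag, tag) for each password element not in Secret form."""
    root = ET.fromstring(XML_DECL.sub("", xml_text, count=1))
    hits = []
    for parent in root.iter():
        for child in parent:
            value = (child.text or "").strip()
            if "password" in child.tag.lower() and value and not ENCRYPTED.match(value):
                hits.append((parent.tag, child.tag))  # never record the value
    return hits

def scan_jenkins_home(home):
    """Map each job config.xml under <home>/jobs to its plaintext findings."""
    findings = {}
    for cfg in sorted(Path(home, "jobs").rglob("config.xml")):
        try:
            hits = plaintext_passwords(cfg.read_text(encoding="utf-8", errors="replace"))
        except ET.ParseError:
            hits = [("<unparseable>", cfg.name)]  # surface it for manual review
        if hits:
            findings[str(cfg)] = hits
    return findings

# Constructed sample; element names are hypothetical, not the plugin's schema.
SAMPLE = """<?xml version='1.1' encoding='UTF-8'?>
<project>
  <publishers>
    <hypothetical.plugin.Publisher>
      <username>ci-bot</username>
      <password>constructed-plaintext</password>
    </hypothetical.plugin.Publisher>
    <other.plugin.Builder>
      <apiPassword>{AQAAABAAAAAQc2FtcGxlLW5vdC1yZWFs}</apiPassword>
    </other.plugin.Builder>
  </publishers>
</project>
"""

if __name__ == "__main__":
    import sys
    for path, hits in scan_jenkins_home(sys.argv[1]).items():
        print(path, hits)
```

Run it with the Jenkins home directory as the only argument; any credential it flags should be rotated, since it has been readable by anyone with access to that file.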