Insufficiently Protected Credentials Affecting org.jenkins-ci.plugins:codebeamer-result-trend-updater package, versions [,1.1.4)


Severity: medium

Snyk CVSS: Attack Complexity Low

  • Snyk ID SNYK-JAVA-ORGJENKINSCIPLUGINS-449959
  • published 4 Jul 2019
  • disclosed 25 Mar 2019
  • credit Viktor Gazdag

Introduced: 25 Mar 2019

CVE: not available. CWE: CWE-255

How to fix?

Upgrade org.jenkins-ci.plugins:codebeamer-result-trend-updater to version 1.1.4 or higher.

Overview

org.jenkins-ci.plugins:codebeamer-result-trend-updater is a Post-Build plugin for updating a Wiki page on codeBeamer ALM with the Test Result Trend from Jenkins.

Affected versions of this package are vulnerable to Insufficiently Protected Credentials. The plugin stored username and password in its configuration unencrypted in jobs' config.xml files on the Jenkins master.
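One way to audit job configurations for credentials still stored in plain text is sketched below. This is an added example, not code from the advisory or the plugin. It assumes that Jenkins writes an encrypted Secret as base64 wrapped in braces, that jobs live under `jobs/*/config.xml` in the Jenkins home directory, and that credential fields have names such as `password`; the plugin's real element names are not given on this page, so those in the sample are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: an encrypted Jenkins Secret is serialized as "{<base64>}".
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Assumption: credential-like element names (the plugin's own are not on the page).
SUSPECT = re.compile(r"passw(or)?d|secret|token", re.IGNORECASE)
# Newer Jenkins writes an XML 1.1 declaration, which Python's expat parser rejects.
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")

def find_plaintext(xml_text):
    """Return element paths whose name looks like a credential and whose
    value is not in encrypted form. Values are never returned or logged."""
    root = ET.fromstring(XML_DECL.sub("", xml_text, count=1))
    findings = []
    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        value = (elem.text or "").strip()
        if SUSPECT.search(elem.tag) and value and not ENCRYPTED.match(value):
            findings.append(here)
        for child in elem:
            walk(child, here)
    walk(root, "")
    return findings

def scan_jobs(jenkins_home):
    """Map each jobs/*/config.xml under jenkins_home to its findings."""
    report = {}
    for cfg in sorted(Path(jenkins_home).glob("jobs/*/config.xml")):
        try:
            hits = find_plaintext(cfg.read_text(encoding="utf-8", errors="replace"))
        except ET.ParseError as exc:
            hits = [f"unparseable: {exc}"]  # review by hand, do not skip silently
        if hits:
            report[str(cfg)] = hits
    return report

# Constructed sample job configuration (element names are hypothetical).
SAMPLE = """<project>
  <publishers>
    <example.HypotheticalPublisher>
      <username>builduser</username>
      <password>hunter2</password>
      <apiToken>{AQAAABAAAAAQc2FtcGxlLWNpcGhlcnRleHQ=}</apiToken>
    </example.HypotheticalPublisher>
  </publishers>
</project>"""
```

Any password reported by such a scan should be treated as exposed to everyone who could read the file and rotated, not only re-saved.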