Home

CVE-2019-16544

Description

Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.263

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2019-16544 are fixed in Jenkins - qmetry-for-jira-test-management 1.13Windows
Vulnerabilities CVE-2019-16544 are fixed in Jenkins - qmetry-for-jira-test-management for Linux 1.13Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234