{"id":"GHSA-mxmw-6qgj-h67x","summary":"Jenkins PRQA Plugin stored password in plain text ","details":"Jenkins PRQA Plugin stored a password unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system.\n\nThe plugin now stores the password encrypted in the configuration files on disk.","aliases":["CVE-2019-1003048"],"modified":"2024-02-16T08:23:34.342510Z","published":"2022-05-13T01:15:11Z","database_specific":{"github_reviewed_at":"2023-10-26T14:23:27Z","github_reviewed":true,"severity":"LOW","cwe_ids":["CWE-311"],"nvd_published_at":"2019-03-28T18:29:00Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003048"},{"type":"WEB","url":"https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089"},{"type":"WEB","url":"https://web.archive.org/web/20200227082607/http://www.securityfocus.com/bid/107628"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/03/28/2"}],"affected":[{"package":{"name":"com.programmingresearch:prqa-plugin","ecosystem":"Maven","purl":"pkg:maven/com.programmingresearch/prqa-plugin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.2"}]}],"versions":["2.0.11","2.0.12","2.0.9","2.1.0","3.0.0","3.0.1","3.1.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mxmw-6qgj-h67x/GHSA-mxmw-6qgj-h67x.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}