CVE-2013-5676
Published 2013-12-13
CVE-2013-5676: The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value…
Priority: P4 · 26 · medium · 4 · CVSS 2.0
AV:N/AC:L/Au:S/C:P/I:N/A:N
EXPLOIT
EPSS: 4.99% (91.1th percentile)
The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure.
CVSS provenance
nvd · v2.0 · 4.0 · MEDIUM · AV:N/AC:L/Au:S/C:P/I:N/A:N
vendor_redhat · 4.0 · MEDIUM
GHSA
Jenkins SonarQube Plugin Stores Passwords in Cleartext
ghsa·2022-05-17
CVE-2013-5676 [MEDIUM] CWE-312 Jenkins SonarQube Plugin Stores Passwords in Cleartext
OSV
Jenkins SonarQube Plugin Stores Passwords in Cleartext
osv·2022-05-17
CVE-2013-5676 [MEDIUM] Jenkins SonarQube Plugin Stores Passwords in Cleartext
Red Hat
Plugin: Plain Text Password Disclosure via configuration parameters
vendor_redhat·2013-12-06·CVSS 4.0
CVE-2013-5676 [MEDIUM] Plugin: Plain Text Password Disclosure via configuration parameters
Statement: Not Vulnerable. The SonarQube plug-in for Jenkins is not shipped by Red Hat.
Package: jenkins (OpenShift Enterprise 1) - Not affected
Package: jenkins (Red Hat OpenShift Enterprise 2) - Not affected
No detection rules found.
Published: 2013-12-13