CVE-2021-21612Insufficiently Protected Credentials in Project Jenkins Tracetronic Ecu-test Plugin

CWE-522Insufficiently Protected Credentials5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 92.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Tracetronic Ecu-test PluginJenkins Tracetronic Ecu-test
Timeline
PublishedJan 13
Latest updateMay 24

Description

Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5jenkins_project/jenkins_tracetronic_ecu-test_pluginunspecified2.23.1

🔴Vulnerability Details

3
GHSA
Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin2022-05-24
OSV
Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin2022-05-24
CVEList
CVE-2021-21612: Jenkins TraceTronic ECU-TEST Plugin 22021-01-13

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2021-01-132021-01-13
CVE-2021-21612 — Insufficiently Protected Credentials | cvebase