Lucene search

[email protected]CVE-2021-21614

HistoryJan 13, 2021 - 4:15 p.m.

CVE-2021-21614

2021-01-1316:15:14

CWE-522

[email protected]

web.nvd.nist.gov

cve-2021-21614

jenkins

bumblebee

hp alm plugin

credentials

unencrypted

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Affected configurations

NVD

Node

jenkinsbumblebee_hp_almRange≤4.1.5jenkins

CPENameOperatorVersion
jenkins:bumblebee_hp_almjenkins bumblebee hp almle4.1.5

CPE	Name	Operator	Version
jenkins:bumblebee_hp_alm	jenkins bumblebee hp alm	le	4.1.5

CNA Affected

[
  {
    "product": "Jenkins Bumblebee HP ALM Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "4.1.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]