Lucene search

[email protected]NVD:CVE-2021-21612

HistoryJan 13, 2021 - 4:15 p.m.

CVE-2021-21612

2021-01-1316:15:14

CWE-522

[email protected]

web.nvd.nist.gov

jenkins

tracetronic ecu-test plugin

unencrypted credentials

file system access

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Affected configurations

Nvd

Node

jenkinstracetronic_ecu-testRange≤2.23.1jenkins

VendorProductVersionCPE
jenkinstracetronic_ecu-test*cpe:2.3:a:jenkins:tracetronic_ecu-test:*:*:*:*:*:jenkins:*:*

Vendor	Product	Version	CPE
jenkins	tracetronic_ecu-test	*	cpe:2.3:a:jenkins:tracetronic_ecu-test::::::jenkins::*

References

www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2057

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2021-21612

prion1 osv2 cve1 cvelist1 alpinelinux1 veracode1 github1 nessus1