3 matches found
org.jenkins-ci.plugins:sonar-gerrit (=428.v5c962d271b_a_5) potentially affected by CVE-2013-5676 via org.jenkins-ci.plugins:sonar (=2.13.1)
org.jenkins-ci.plugins:sonar MAVEN version =2.13.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:sonar and may be impacted: - org.jenkins-ci.plugins:sonar-gerrit =428.v5c962d271ba5 Source cves: CVE-2013-5676 Source advisory:...
SonarQube Jenkins Password Disclosure
Advisory Information Title: SonarQube Jenkins Plugin - Plain Text Password Date published: 2013-12-05 Date of last update: 2013-12-05 Vendors contacted : SonarQube and Jenkins CI Discovered by: Christian Catalano Severity: High 2. Vulnerability Information CVE reference: CVE-2013-5676 CVSS v2...
CVE-2013-5676
The CVE-2013-5676 entry affects the Jenkins SonarQube Plugin (version 3.7 and earlier). The vulnerability allows remote authenticated users to obtain sensitive information by reading the sonarPassword parameter from jenkins/configure, exposing cleartext passwords. The available connected document...