2 matches found
Jenkins SonarQube Plugin Stores Passwords in Cleartext
The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information cleartext passwords by reading the value in the sonar.sonarPassword parameter from jenkins/configure...
SonarQube Jenkins Password Disclosure
Advisory Information Title: SonarQube Jenkins Plugin - Plain Text Password Date published: 2013-12-05 Date of last update: 2013-12-05 Vendors contacted : SonarQube and Jenkins CI Discovered by: Christian Catalano Severity: High 2. Vulnerability Information CVE reference: CVE-2013-5676 CVSS v2...