5 matches found
GHSA-3CCQ-GCCX-PM7J Jenkins SonarQube Scanner Plugin stored server authentication token in plain text
An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube...
CloudBees Jenkins SonarQube Scanner Plugin Authentication Vulnerability
CloudBees Jenkins formerly known as Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. It is mainly used to monitor continuous software release/testing projects and some timed tasks.SonarQube Scanner Plugin is a plugin used in the scanning and checking the qualit...
CVE-2018-1000425
An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube...
Design/Logic Flaw
An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube...
CVE-2018-1000425
The CVE concerns the Jenkins SonarQube Scanner Plugin (up to version 2.8) where credentials used to connect to SonarQube are stored in plaintext in SonarInstallation.java. This insufficient protection allows an attacker with local filesystem access to extract the server authentication credentials...