GHSA-3CCQ-GCCX-PM7J Jenkins SonarQube Scanner Plugin stored server authentication token in plain text

An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube...

CVE-2018-1000425

An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube...

Design/Logic Flaw

An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube...

CVE-2018-1000425

The CVE concerns the Jenkins SonarQube Scanner Plugin (up to version 2.8) where credentials used to connect to SonarQube are stored in plaintext in SonarInstallation.java. This insufficient protection allows an attacker with local filesystem access to extract the server authentication credentials...