Vulnerability Details CVE-2019-1003048
A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.9%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 2.1
References
- http://www.openwall.com/lists/oss-security/2019/03/28/2
- http://www.securityfocus.com/bid/107628
- https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089
- http://www.openwall.com/lists/oss-security/2019/03/28/2
- http://www.securityfocus.com/bid/107628
- https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089
Products affected by CVE-2019-1003048
-
cpe:2.3:a:jenkins:prqa:0.2.0
-
cpe:2.3:a:jenkins:prqa:1.0
-
cpe:2.3:a:jenkins:prqa:1.0.1
-
cpe:2.3:a:jenkins:prqa:1.0.2
-
cpe:2.3:a:jenkins:prqa:1.0.3
-
cpe:2.3:a:jenkins:prqa:1.0.4
-
cpe:2.3:a:jenkins:prqa:1.0.5
-
cpe:2.3:a:jenkins:prqa:1.1.0
-
cpe:2.3:a:jenkins:prqa:1.1.1
-
cpe:2.3:a:jenkins:prqa:1.1.2
-
cpe:2.3:a:jenkins:prqa:1.1.3
-
cpe:2.3:a:jenkins:prqa:1.2.0
-
cpe:2.3:a:jenkins:prqa:1.2.1
-
cpe:2.3:a:jenkins:prqa:1.2.2
-
cpe:2.3:a:jenkins:prqa:2.0.11
-
cpe:2.3:a:jenkins:prqa:2.0.12
-
cpe:2.3:a:jenkins:prqa:2.0.9
-
cpe:2.3:a:jenkins:prqa:2.1.0
-
cpe:2.3:a:jenkins:prqa:3.0.0
-
cpe:2.3:a:jenkins:prqa:3.0.1
-
cpe:2.3:a:jenkins:prqa:3.1.0