CVE Vulnerabilities

CVE-2020-2218

Insufficiently Protected Credentials

Published: Jul 02, 2020 | Modified: Jul 08, 2020
CVSS 3.x
3.3
LOW
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Name Vendor Start Version End Version
Hp_application_lifecycle_management_quality_center Hp_application_lifecycle_management_quality_center_project * 1.6

Potential Mitigations

References