The Jenkins Plugin for SonarQube 3.7 and previous versions allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure.
Vulnerable Product |
---|
sonarsource jenkins_plugin - |