QID 996790
Date Published: 2024-01-23
QID 996790: Java (Maven) Security Update for org.jenkins-ci.plugins:zap (GHSA-7jx8-244g-jfpx)
Jenkins Official OWASP ZAP Plugin stores Jira credentials unencrypted in its global configuration file org.jenkinsci.plugins.zap.ZAPBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Github security advisory GHSA-7jx8-244g-jfpx for updates and patch information.
Vendor References
- GHSA-7jx8-244g-jfpx -
github.com/advisories/GHSA-7jx8-244g-jfpx
CVEs related to QID 996790
Software Advisories
| Advisory ID | Software | Component | Link |
|---|