CVE-2019-1003048: Missing Encryption of Sensitive Data

May 13, 2022 (updated October 26, 2023)

A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.

References

www.openwall.com/lists/oss-security/2019/03/28/2
github.com/advisories/GHSA-mxmw-6qgj-h67x
jenkins.io/security/advisory/2019-03-25/
nvd.nist.gov/vuln/detail/CVE-2019-1003048
web.archive.org/web/20200227082607/http://www.securityfocus.com/bid/107628

Detect and mitigate CVE-2019-1003048 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →