Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-m59q-vgq9-75cr

GitHub Security Advisory

Password stored in plain text by Jenkins RQM Plugin

✓ GitHub Reviewed LOW Has CVE
View on GitHub

Advisory Details

RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file `net.praqma.jenkins.rqm.RqmBuilder.xml` on the Jenkins controller as part of its configuration.

This password can be viewed by users with access to the Jenkins controller file system.

Affected Packages

Maven net.praqma:rqm-plugin
Affected versions: 0 (last affected: 2.8)

Related CVEs

CVE-2022-34809

Key Information

GHSA ID
GHSA-m59q-vgq9-75cr
Published
July 1, 2022 12:01 AM
Last Modified
December 12, 2022 9:35 PM
CVSS Score
2.5 /10
Primary Ecosystem
Maven
Primary Package
net.praqma:rqm-plugin
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 27, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.