GHSA-qvjr-x8fw-hghv

GitHub Security Advisory

Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin

✓ GitHub Reviewed | Severity: MODERATE | Has CVE

Advisory Details

Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file `de.tracetronic.jenkins.plugins.ecutest.report.atx.installation.ATXInstallation.xml` on the Jenkins controller as part of its configuration.

These credentials can be viewed by users with access to the Jenkins controller file system.

Jenkins TraceTronic ECU-TEST Plugin 2.24 adds a new option type for sensitive options. Previously stored credentials are migrated to that option type on Jenkins startup.

Affected Packages

Maven de.tracetronic.jenkins.plugins:ecutest
Affected versions: all versions from 0 (fixed in 2.24)

Key Information

GHSA ID: GHSA-qvjr-x8fw-hghv
Published: May 24, 2022 5:39 PM
Last Modified: October 27, 2023 1:26 PM
CVSS Score: 5.0/10
Primary Ecosystem: Maven
Primary Package: de.tracetronic.jenkins.plugins:ecutest
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 27, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.