CVE-2021-21614
First published: Wed Jan 13 2021(Updated: )
Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file `com.agiletestware.bumblebee.BumblebeeGlobalConfig.xml` on the Jenkins controller as part of its configuration. These credentials can be viewed by users with access to the Jenkins controller file system. Jenkins Bumblebee HP ALM Plugin 4.1.6 stores credentials encrypted once its configuration is saved again.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Bumblebee Hp Alm | <=4.1.5 | |
| maven/org.jenkins-ci.plugins:bumblebee | <=4.1.5 | 4.1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- collector/nvd-api
- collector/nvd-cve
- collector/github-advisory-latest
- alias/GHSA-8v72-qr3h-c6rv
- alias/CVE-2021-21614
- collector/github-advisory
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/jenkins
- canonical/jenkins bumblebee hp alm
- version/jenkins bumblebee hp alm/4.1.5
- package-manager/maven