Moderate severityNVD Advisory· Published Dec 13, 2013· Updated Jun 16, 2026
CVE-2013-5676
CVE-2013-5676
Description
The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:sonarMaven | <= 3.7 | — |
Affected products
2- cpe:2.3:a:sonarsource:jenkins_plugin:-:-:-:*:-:sonarqube:*:*
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.