Moderate severity · NVD Advisory · Published Jan 24, 2023 · Updated Apr 2, 2025

CVE-2023-24454

Description

Jenkins TestQuality Updater Plugin 1.3 and earlier stores the plugin password in plaintext in a global configuration file, accessible to users with filesystem read access on the Jenkins controller.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Overview

The TestQuality Updater Plugin 1.3 and earlier for Jenkins stores the TestQuality Updater password in plaintext within its global configuration file on the Jenkins controller. This configuration file is readable by any user who has access to the controller's file system, exposing sensitive credentials [1][2].

Exploitation

Prerequisites and Attack Surface

Exploitation requires that an attacker already possesses some level of access to the Jenkins controller's file system — for example, as a user with read permissions on the Jenkins home directory or through another vulnerability that grants filesystem access. No network-level authentication to the plugin is needed if the file can be read directly. The attack surface is limited to users who can access the controller's files, but that can include low-privileged Jenkins users or attackers who have compromised other parts of the system [1].

Impact

If an attacker retrieves the plaintext password, they can use it to authenticate to the TestQuality service with the same privileges as the Jenkins controller. This could lead to unauthorized access to test results, manipulation of test data, or broader compromise if the password is reused elsewhere. The vulnerability is classified with a CVSS v3.1 base score of 4.3 (Medium), reflecting the need for filesystem access but the potential for credential disclosure [2].

Mitigation

The vulnerability has been addressed in an updated version of the plugin. Users should upgrade to a patched version of the TestQuality Updater Plugin as soon as possible. No workaround is available other than upgrading or restricting filesystem access to the Jenkins controller. The Jenkins security advisory recommends updating to the latest plugin version [1].
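For the access-restriction side of this mitigation, the following added example (not part of the advisory or of the plugin's code) audits the top-level XML files in a Jenkins home directory for credential-like elements stored unencrypted and for file modes readable beyond the owner. The element-name heuristic, the `{base64}` form assumed for encrypted values, and the sample file names and contents are assumptions constructed for illustration.

```python
import os, re, stat, tempfile
import xml.etree.ElementTree as ET

# Heuristic (assumption): element names that usually hold credentials.
SENSITIVE = re.compile(r"pass(word|wd)?|secret|token|api_?key", re.I)
# Assumption: Jenkins writes encrypted Secret values as "{<base64>}".
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")

def audit_config(path):
    """Return findings for one XML config file; secret values are never returned."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append((path, "file-mode", f"{mode:04o} readable beyond owner"))
    with open(path, "rb") as fh:
        # Jenkins may declare XML 1.1, which Python's parser may reject; drop the declaration.
        data = re.sub(rb"^\s*<\?xml[^>]*\?>", b"", fh.read())
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return findings + [(path, "parse", "not well-formed XML, review by hand")]
    for elem in root.iter():
        value = (elem.text or "").strip()
        if value and SENSITIVE.search(elem.tag) and not ENCRYPTED.match(value):
            findings.append((path, elem.tag, "value is not in encrypted Secret form"))
    return findings

def audit_jenkins_home(home):
    """Audit the global (top-level) *.xml files under JENKINS_HOME."""
    paths = [os.path.join(home, n) for n in sorted(os.listdir(home)) if n.endswith(".xml")]
    return [f for p in paths if os.path.isfile(p) for f in audit_config(p)]

def build_sample_home():
    """Constructed sample data: file names, tags and values are hypothetical."""
    home = tempfile.mkdtemp(prefix="jenkins_home_")
    decl = "<?xml version='1.1' encoding='UTF-8'?>\n"
    samples = {
        "example.PlainPlugin.xml": (0o644, decl + "<cfg><password>not-a-real-pw</password></cfg>"),
        "example.SafePlugin.xml": (0o600, decl + "<cfg><password>{Y29uc3RydWN0ZWQtc2FtcGxl}</password></cfg>"),
    }
    for name, (mode, body) in samples.items():
        path = os.path.join(home, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)
    return home

if __name__ == "__main__":
    print(*audit_jenkins_home(build_sample_home()), sep="\n")
```

Each finding names the file and element only, so the report can be shared without exposing the credential itself.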

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: org.jenkins-ci.plugins:testquality-updater (Maven)
Affected versions: <= 1.3
Patched versions: (none listed)

Patches

0

No patches discovered yet.

References

3