7.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-1000425

GHSA ID

GHSA-3ccq-gccx-pm7j

EPSS Score

0.14067%

CWE

CWE-522

Published

5/13/2022

Updated

1/30/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-1000425

CVE-2018-1000425: Jenkins SonarQube Scanner Plugin stored server authentication token in plain text

An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube.

(GitHub Advisory)

7.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-1000425

GHSA ID

GHSA-3ccq-gccx-pm7j

EPSS Score

0.14067%

CWE

CWE-522

Published

5/13/2022

Updated

1/30/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:sonar	maven	<= 2.8	2.8.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper credential storage in SonarInstallation class. The advisory explicitly identifies SonarInstallation.java as the vulnerable component. In Jenkins plugin architecture:

getServerAuthenticationToken() would be the direct accessor for the credential field
configure() handles loading configuration state
XStream serialization would persist these values to disk

While the exact patch code isn't shown, the credential storage pattern in Jenkins plugins typically involves:

Plaintext fields in Domain Objects (SonarInstallation)
getters exposing sensitive data
configure() methods rebuilding state from config

These functions would appear in stack traces during:

Configuration saves (persisting plaintext)
Build steps accessing SonarQube credentials
Configuration UIs displaying credential values

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n insu**i*i*ntly prot**t** *r***nti*ls vuln*r**ility *xists in J*nkins Son*rQu** S**nn*r Plu*in *.* *n* **rli*r in Son*rInst*ll*tion.j*v* t**t *llows *tt**k*rs wit* lo**l *il* syst*m ****ss to o*t*in t** *r***nti*ls us** to *onn**t to Son*rQu**.

Reasoning

T** vuln*r**ility st*ms *rom improp*r *r***nti*l stor*** in Son*rInst*ll*tion *l*ss. T** **visory *xpli*itly i**nti*i*s Son*rInst*ll*tion.j*v* *s t** vuln*r**l* *ompon*nt. In J*nkins plu*in *r**it**tur*: *. **tS*rv*r*ut**nti**tionTok*n() woul* ** t**

7.8

Basic Information

Concerned about an active attack path?

CVE-2018-1000425: Jenkins SonarQube Scanner Plugin stored server authentication token in plain text

7.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI