This security bulletin contains one low risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a local user to view the password on the target system.
The vulnerability exists due to the affected software stores its Zephyr password in plain text in the global configuration file "com.thed.zephyr.jenkins.reporter.ZeeReporter.xml". A local user with access to the master file system can obtain this credential.
Install updates from vendor's website.Vulnerable software versions
Zephyr Enterprise Test Management: 1.0 - 1.9.1CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?