Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| squashtest | squash_tm | * |