Description

Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/30/5

http://www.securityfocus.com/bid/108159

https://jenkins.io/security/advisory/2019-04-30/#SECURITY-1380

Related Vulnerabilities

CVE-2022-36909 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer

CVE-2021-37306 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base

CVE-2020-23262 Vulnerability in maven package net.mingsoft:ms-mcms

CVE-2019-10095 Vulnerability in maven package org.apache.zeppelin:zeppelin

CVE-2019-10473 Vulnerability in maven package org.jenkins-ci.plugins:libvirt-slave

Severity

Critical

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory VDB Entry Vendor Advisory