Description
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/09/25/3
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508