Description
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/09/25/3
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508
Related Vulnerabilities
CVE-2022-40664 Vulnerability in maven package org.apache.shiro:shiro-core
CVE-2024-36401 Vulnerability in maven package org.geoserver.web:gs-web-app
CVE-2020-9281 Vulnerability in npm package ckeditor4-dev
CVE-2020-8298 Vulnerability in npm package fs-path
CVE-2021-41079 Vulnerability in maven package org.apache.tomcat:tomcat