Description

Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/09/25/3

https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508

Related Vulnerabilities

CVE-2019-10290 Vulnerability in maven package org.jenkins-ci.plugins:netsparker-cloud-scan

CVE-2023-29215 Vulnerability in maven package org.apache.linkis:linkis-common

CVE-2022-32533 Vulnerability in maven package org.apache.portals.jetspeed-2:jetspeed

CVE-2021-32808 Vulnerability in maven package org.webjars.npm:ckeditor4

CVE-2019-10354 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory