CVE-2019-10427

MEDIUM5.3EPSS 0.03%

Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form

Published: 5/24/2022Modified: 2/16/2024

Description

Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Affected packages (1)

Maven/org.jenkins-ci.plugins:aqua-microscannerfrom 0, < 1.0.8

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-10427
WEBhttps://jenkins.io/security/advisory/2019-09-25/#SECURITY-1507
WEBhttp://www.openwall.com/lists/oss-security/2019/09/25/3