CVE-2019-10428

HIGH7.5EPSS 0.05%

Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form

Published: 5/24/2022Modified: 2/16/2024

Description

Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Affected packages (1)

Maven/org.jenkins-ci.plugins:aqua-security-scannerfrom 0, < 3.0.18

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-10428
WEBhttps://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508
WEBhttp://www.openwall.com/lists/oss-security/2019/09/25/3