CVE-2019-1003069 Vulnerability in maven package org.jenkins-ci.plugins:aqua-security-scanner

Description

Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-949

http://www.securityfocus.com/bid/107790

http://www.openwall.com/lists/oss-security/2019/04/12/2

Related Vulnerabilities

CVE-2016-4434 Vulnerability in maven package org.apache.tika:tika-bundle

CVE-2017-5644 Vulnerability in maven package org.apache.poi:poi-ooxml

CVE-2023-3691 Vulnerability in maven package org.webjars.bowergithub.sentsin:layui

CVE-2023-31419 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2023-3442 Vulnerability in maven package io.jenkins.plugins:servicenow-devops

Severity

Critical

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H