Description

Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/09/25/3

https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508

Related Vulnerabilities

CVE-2019-5484 Vulnerability in maven package org.webjars.npm:bower

CVE-2021-43861 Vulnerability in npm package mermaid

CVE-2020-2239 Vulnerability in maven package org.jenkins-ci.plugins:parameterized-remote-trigger

CVE-2021-36374 Vulnerability in maven package org.apache.ant:ant

CVE-2021-44684 Vulnerability in npm package github-todos

Severity

High

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory