Description
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/09/25/3
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508
Related Vulnerabilities
CVE-2022-25168 Vulnerability in maven package org.apache.hadoop:hadoop-common
CVE-2023-31101 Vulnerability in maven package org.apache.inlong:manager-web
CVE-2020-24616 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2016-3092 Vulnerability in maven package org.apache.tomcat:tomcat-util
CVE-2019-14862 Vulnerability in maven package org.webjars.bowergithub.knockout:knockout