Description

Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508

http://www.openwall.com/lists/oss-security/2019/09/25/3

Related Vulnerabilities

CVE-2020-1725 Vulnerability in maven package org.keycloak:keycloak-core

CVE-2022-35948 Vulnerability in maven package org.webjars.npm:undici

CVE-2017-7957 Vulnerability in maven package org.hudsonci.tools:xstream

CVE-2019-10450 Vulnerability in maven package com.elasticbox.jenkins-ci.plugins:elasticbox

CVE-2022-36915 Vulnerability in maven package org.jenkins-ci.plugins:android-signing

Severity

High

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory Mailing List Third Party Advisory