Description

Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508

http://www.openwall.com/lists/oss-security/2019/09/25/3

Related Vulnerabilities

CVE-2021-31406 Vulnerability in maven package com.vaadin:flow-server

CVE-2021-27807 Vulnerability in maven package org.apache.pdfbox:pdfbox

CVE-2018-1256 Vulnerability in maven package io.pivotal.spring.cloud:spring-cloud-sso-connector

CVE-2010-5312 Vulnerability in maven package org.fujion.webjars:jquery-ui

CVE-2022-36908 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer

Severity

High

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory Mailing List Third Party Advisory