Description
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
Remediation
References
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508
http://www.openwall.com/lists/oss-security/2019/09/25/3
Related Vulnerabilities
CVE-2020-2316 Vulnerability in maven package org.jvnet.hudson.plugins:analysis-core
CVE-2022-3423 Vulnerability in npm package nocodb
CVE-2019-10404 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-22965 Vulnerability in maven package org.springframework.boot:spring-boot-starter-web
CVE-2022-36904 Vulnerability in maven package org.jenkins-ci.plugins:repository-connector