Description

Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/09/25/3

https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508

Related Vulnerabilities

CVE-2022-25168 Vulnerability in maven package org.apache.hadoop:hadoop-common

CVE-2023-31101 Vulnerability in maven package org.apache.inlong:manager-web

CVE-2020-24616 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2016-3092 Vulnerability in maven package org.apache.tomcat:tomcat-util

CVE-2019-14862 Vulnerability in maven package org.webjars.bowergithub.knockout:knockout

Severity

High

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory