Description
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/09/25/3
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508
Related Vulnerabilities
CVE-2020-15087 Vulnerability in maven package io.prestosql:presto-main
CVE-2022-23457 Vulnerability in maven package org.owasp.esapi:esapi
CVE-2019-1003094 Vulnerability in maven package org.jenkins-ci.plugins:open-stf
CVE-2020-2280 Vulnerability in maven package io.jenkins.plugins:warnings-ng
CVE-2019-1003058 Vulnerability in maven package org.jvnet.hudson.plugins:ftppublisher