Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12djRxLTJ3OTgtNHY4Z84AAq6S
Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form
Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
Permalink: https://github.com/advisories/GHSA-vv4q-2w98-4v8gJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12djRxLTJ3OTgtNHY4Z84AAq6S
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 10 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-vv4q-2w98-4v8g, CVE-2019-10427
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10427
- https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1507
- http://www.openwall.com/lists/oss-security/2019/09/25/3
- https://github.com/advisories/GHSA-vv4q-2w98-4v8g
Affected Packages
maven:org.jenkins-ci.plugins:aqua-microscanner
Affected Version Ranges: <= 1.0.7Fixed in: 1.0.8