Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14cDQ0LTh2d3IteHdtds4AAq6T
Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
Permalink: https://github.com/advisories/GHSA-xp44-8vwr-xwmvJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14cDQ0LTh2d3IteHdtds4AAq6T
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 10 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-xp44-8vwr-xwmv, CVE-2019-10428
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10428
- https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508
- http://www.openwall.com/lists/oss-security/2019/09/25/3
- https://github.com/advisories/GHSA-xp44-8vwr-xwmv
Affected Packages
maven:org.jenkins-ci.plugins:aqua-security-scanner
Affected Version Ranges: <= 3.0.17Fixed in: 3.0.18