Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS14cDQ0LTh2d3IteHdtds4AAq6T

Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form

Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Permalink: https://github.com/advisories/GHSA-xp44-8vwr-xwmv
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14cDQ0LTh2d3IteHdtds4AAq6T
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 10 months ago


CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-xp44-8vwr-xwmv, CVE-2019-10428
References: Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.plugins:aqua-security-scanner
Affected Version Ranges: <= 3.0.17
Fixed in: 3.0.18