Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1nZzhyLTI0cW0tcWZjaM4AAgmS
Jenkins Aqua MicroScanner Plugin stored credentials in plain text
Jenkins Aqua MicroScanner Plugin stored credentials unencrypted in its global configuration file on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system.
Aqua MicroScanner Plugin now stores credentials encrypted.
Permalink: https://github.com/advisories/GHSA-gg8r-24qm-qfchJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nZzhyLTI0cW0tcWZjaM4AAgmS
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 3.3
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-gg8r-24qm-qfch, CVE-2019-10316
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10316
- https://jenkins.io/security/advisory/2019-04-30/#SECURITY-1380
- http://www.openwall.com/lists/oss-security/2019/04/30/5
- https://web.archive.org/web/20200227073756/http://www.securityfocus.com/bid/108159
- https://github.com/advisories/GHSA-gg8r-24qm-qfch
Affected Packages
maven:org.jenkins-ci.plugins:aqua-microscanner
Affected Version Ranges: <= 1.0.5Fixed in: 1.0.6