CVE-2019-10316 – org.jenkins-ci.plugins:aqua-microscanner

Package

Manager: maven
Name: org.jenkins-ci.plugins:aqua-microscanner
Vulnerable Version: >=0 <1.0.6

Severity

Level: Low

CVSS v3.1: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0008 pctl0.24411

Details

Jenkins Aqua MicroScanner Plugin stored credentials in plain text Jenkins Aqua MicroScanner Plugin stored credentials unencrypted in its global configuration file on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. Aqua MicroScanner Plugin now stores credentials encrypted.

Metadata

Created: 2022-05-24T16:44:55Z
Modified: 2023-10-26T21:54:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gg8r-24qm-qfch/GHSA-gg8r-24qm-qfch.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-gg8r-24qm-qfch
Finding: F035
Auto approve: 1