CVE-2019-10427 – org.jenkins-ci.plugins:aqua-microscanner

Package

Manager: maven
Name: org.jenkins-ci.plugins:aqua-microscanner
Vulnerable Version: >=0 <1.0.8

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00048 pctl0.14562

Details

Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Metadata

Created: 2022-05-24T22:00:44Z
Modified: 2024-01-30T21:18:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vv4q-2w98-4v8g/GHSA-vv4q-2w98-4v8g.json
CWE IDs: ["CWE-319"]
Alternative ID: GHSA-vv4q-2w98-4v8g
Finding: F017
Auto approve: 1