CVE-2019-10397 – org.jenkins-ci.plugins:aqua-serverless

Package

Manager: maven
Name: org.jenkins-ci.plugins:aqua-serverless
Vulnerable Version: >=0 <1.0.5

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00033 pctl0.07994

Details

Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.

Metadata

Created: 2022-05-24T16:55:59Z
Modified: 2024-04-01T23:48:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-56gj-927p-mfph/GHSA-56gj-927p-mfph.json
CWE IDs: ["CWE-319"]
Alternative ID: GHSA-56gj-927p-mfph
Finding: F332
Auto approve: 1