GHSA-xp44-8vwr-xwmv

Suggest an improvement
Source
https://github.com/advisories/GHSA-xp44-8vwr-xwmv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xp44-8vwr-xwmv/GHSA-xp44-8vwr-xwmv.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-xp44-8vwr-xwmv
Aliases
  • CVE-2019-10428
Published
2022-05-24T22:00:44Z
Modified
2024-01-30T21:26:50.392685Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form
Details

Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Database specific
{
    "nvd_published_at": "2019-09-25T16:15:00Z",
    "cwe_ids": [
        "CWE-319"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-30T21:18:20Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:aqua-security-scanner

Package

Name
org.jenkins-ci.plugins:aqua-security-scanner
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/aqua-security-scanner

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.18

Affected versions

1.*

1.1
1.2
1.3
1.3.1
1.3.2
1.3.3

2.*

2.0

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17

Database specific

{
    "last_known_affected_version_range": "<= 3.0.17"
}