CVE-2019-10428

Cleartext Transmission of Sensitive Information in maven/org.jenkins-ci.plugins/aqua-security-scanner

Identifiers

GHSA-xp44-8vwr-xwmv, CVE-2019-10428

Package Slug

maven/org.jenkins-ci.plugins/aqua-security-scanner

Vulnerability

Cleartext Transmission of Sensitive Information

Description

Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Affected Versions

All versions up to 3.0.17

Solution

Upgrade to version 3.0.18 or above.

Last Modified

2024-01-31

source