CVE-2019-10397

Cleartext Transmission of Sensitive Information in packagist/org.jenkins-ci.plugins/aqua-serverless

Identifiers

GHSA-56gj-927p-mfph, CVE-2019-10397

Package Slug

packagist/org.jenkins-ci.plugins/aqua-serverless

Vulnerability

Cleartext Transmission of Sensitive Information

Description

Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.

Affected Versions

All versions up to 1.0.4

Solution

Upgrade to version 1.0.5 or above.

Last Modified

2024-01-31

source