CVE-2019-1003069

CWE-3115 documents5 sources
Severity
8.8HIGH
EPSS
0.1%
top 76.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins Project Jenkins Aqua Security Scanner Plugin
Timeline
PublishedApr 4
Latest updateMay 13

Description

Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5jenkins_project/jenkins_aqua_security_scanner_pluginall versions as of 2019-04-03

🔴Vulnerability Details

3
OSV
Jenkins Aqua Security Scanner Plugin stores credentials in plain text2022-05-13
GHSA
Jenkins Aqua Security Scanner Plugin stores credentials in plain text2022-05-13
CVEList
CVE-2019-1003069: Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by2019-04-04

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-04-032019-04-03
CVE-2019-1003069 (HIGH CVSS 8.8) | Jenkins Aqua Security Scanner Plugi | cvebase.io