Lucene search
GoogleOSV:GHSA-M7Q8-8G56-M78WHistoryMay 13, 2022 - 1:15 a.m.
Jenkins Netsparker Enterprise Scan Plugin stored credentials in plain text
2022-05-1301:15:03
Google
osv.dev
3
jenkins
netsparker
enterprise scan plugin
credentials
plain text
api tokens
encrypted
global configuration file
api tokens
unencrypted
jenkins controller
file system
software
Jenkins Netsparker Enterprise Scan Plugin stored API tokens unencrypted in its global configuration file com.netsparker.cloud.plugin.NCScanBuilder.xml on the Jenkins controller. These API tokens could be viewed by users with access to the Jenkins controller file system.
Netsparker Enterprise Scan Plugin now stores API tokens encrypted.
Related
prion
prion
Design/Logic Flaw
2019-04-04 16:29:00
cve
cve
CVE-2019-10291
2019-04-04 16:29:02
osv
osv
CVE-2019-10291
2019-04-04 16:29:02
cvelist
cvelist
CVE-2019-10291
2019-04-04 15:38:50
nvd
nvd
CVE-2019-10291
2019-04-04 16:29:02
github
github
Jenkins Netsparker Enterprise Scan Plugin stored credentials in plain text
2022-05-13 01:15:03