Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form

2022-05-2422:00:44

Google

osv.dev

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

CPENameOperatorVersion
org.jenkins-ci.plugins:aqua-security-scannereq3.0.17
org.jenkins-ci.plugins:aqua-security-scannereq1.1
org.jenkins-ci.plugins:aqua-security-scannereq3.0.10
org.jenkins-ci.plugins:aqua-security-scannereq3.0.14
org.jenkins-ci.plugins:aqua-security-scannereq3.0.9
org.jenkins-ci.plugins:aqua-security-scannereq3.0.3
org.jenkins-ci.plugins:aqua-security-scannereq3.0.11
org.jenkins-ci.plugins:aqua-security-scannereq1.3.1
org.jenkins-ci.plugins:aqua-security-scannereq3.0.6
org.jenkins-ci.plugins:aqua-security-scannereq1.3

Name	Operator	Version
org.jenkins-ci.plugins:aqua-security-scanner	eq	3.0.17
org.jenkins-ci.plugins:aqua-security-scanner	eq	1.1
org.jenkins-ci.plugins:aqua-security-scanner	eq	3.0.10
org.jenkins-ci.plugins:aqua-security-scanner	eq	3.0.14
org.jenkins-ci.plugins:aqua-security-scanner	eq	3.0.9
org.jenkins-ci.plugins:aqua-security-scanner	eq	3.0.3
org.jenkins-ci.plugins:aqua-security-scanner	eq	3.0.11
org.jenkins-ci.plugins:aqua-security-scanner	eq	1.3.1
org.jenkins-ci.plugins:aqua-security-scanner	eq	3.0.6
org.jenkins-ci.plugins:aqua-security-scanner	eq	1.3