15 matches found
The vulnerability of the Aqua Security Scanner plugin in the Jenkins automation server, related to the lack of data encryption measures, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Aqua Security Scanner plugin in the Jenkins automation server is related to the lack of data encryption measures. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
Cleartext Storage of Sensitive Information
Overview org.jenkins-ci.plugins:aqua-security-scanner is a Jenkins plugin for calling the Aqua API to scan a Docker image Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the storage of Scanner Tokens for Aqua API in config.xml files on the...
CVE-2025-53653
Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
PT-2025-28905 · Jenkins · Jenkins Aqua Security Scanner Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Aqua Security Scanner Plugin versions 3.2.8 and earlier Description: The Jenkins Aqua Security Scanner Plugin stores Scanner Tokens for the Aqua API unencrypted in job config.xml files on the Jenkins controller. These tokens are...
Jenkins plugin Aqua Security Scanner 安全漏洞
Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...
CVE-2019-10428
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
GHSA-XP44-8VWR-XWMV Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
Jenkins Aqua Security Scanner Plugin stores credentials in plain text
Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.aquadockerscannerbuildstep.AquaDockerScannerBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
GHSA-3J3V-7F8F-V2XP Jenkins Aqua Security Scanner Plugin stores credentials in plain text
Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.aquadockerscannerbuildstep.AquaDockerScannerBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
CVE-2019-10428
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
CVE-2019-10428
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
CVE-2019-10428
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
CVE-2019-10428
The CVE refers to Jenkins Aqua Security Scanner Plugin (versions 3.0.17 and earlier). The root cause is that the plugin transmitted configured credentials in plain text within the global Jenkins configuration form, potentially exposing them. Affected component: Jenkins Aqua Security Scanner Plugi...
CloudBees Jenkins Aqua Security Scanner Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Aqua Security Scanner Plugin is used in one o...