GHSA-65rj-cgrp-g65w

Source

https://github.com/advisories/GHSA-65rj-cgrp-g65w

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-65rj-cgrp-g65w/GHSA-65rj-cgrp-g65w.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-65rj-cgrp-g65w

Aliases

CVE-2019-10391

Published

2022-05-24T16:55:01Z

Modified

2024-01-30T21:43:39.405750Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Jenkins IBM AppScan Plugin showed plain text password in job configuration form fields

Details

Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. This plugin has bee deprecated.

Database specific

{
    "nvd_published_at": "2019-08-28T16:15:00Z",
    "cwe_ids": [
        "CWE-319"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-30T21:20:03Z"
}

References

Affected packages

Maven / com.hcl.security:ibm-application-security

Package

Name: com.hcl.security:ibm-application-security; View open source insights on deps.dev
Purl: pkg:maven/com.hcl.security/ibm-application-security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.5

Database specific

{
    "last_known_affected_version_range": "<= 1.2.4"
}