GHSA-m7q8-8g56-m78w

Source

https://github.com/advisories/GHSA-m7q8-8g56-m78w

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m7q8-8g56-m78w/GHSA-m7q8-8g56-m78w.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-m7q8-8g56-m78w

Aliases

CVE-2019-10291

Published

2022-05-13T01:15:03Z

Modified

2024-02-16T08:09:35.675952Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Jenkins Netsparker Enterprise Scan Plugin stored credentials in plain text

Details

Jenkins Netsparker Enterprise Scan Plugin stored API tokens unencrypted in its global configuration file com.netsparker.cloud.plugin.NCScanBuilder.xml on the Jenkins controller. These API tokens could be viewed by users with access to the Jenkins controller file system.

Netsparker Enterprise Scan Plugin now stores API tokens encrypted.

Database specific

{
    "nvd_published_at": "2019-04-04T16:29:00Z",
    "cwe_ids": [
        "CWE-522"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-26T20:54:39Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:netsparker-cloud-scan

Package

Name: org.jenkins-ci.plugins:netsparker-cloud-scan; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/netsparker-cloud-scan

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.6

Affected versions

1.*

1.1.0

1.1.1

1.1.2

1.1.3

1.1.5

Database specific

{
    "last_known_affected_version_range": "<= 1.1.5"
}