GHSA-vv4q-2w98-4v8g

Suggest an improvement
Source
https://github.com/advisories/GHSA-vv4q-2w98-4v8g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vv4q-2w98-4v8g/GHSA-vv4q-2w98-4v8g.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vv4q-2w98-4v8g
Aliases
Published
2022-05-24T22:00:44Z
Modified
2024-02-16T08:12:35.292306Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form
Details

Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Database specific 
{
    "nvd_published_at": "2019-09-25T16:15:00Z",
    "cwe_ids": [
        "CWE-319"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-30T21:18:34Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:aqua-microscanner

Package

Name
org.jenkins-ci.plugins:aqua-microscanner
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/aqua-microscanner

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.8

Affected versions

1.*

1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7

Database specific 

{
    "last_known_affected_version_range": "<= 1.0.7"
}