1. Home
  2. Security Advisories
  3. Jenkins
  4. JENKINS:SECURITY-949

[JENKINS:SECURITY-949] Aqua Security Scanner Plugin stores credentials in plain text

Severity Low
Affected Packages 2
CVEs 1
Info Packages References Vulnerabilities

Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.aquadockerscannerbuildstep.AquaDockerScannerBuilder.xml on the Jenkins controller.
These credentials can be viewed by users with access to the Jenkins controller file system.

Package Affected Version
pkg:maven/org.jenkins-ci.plugins/aqua-security-scanner <= 3.0.15
pkg:github/jenkinsci/aqua-security-scanner-plugin <= 3.0.15
ID
JENKINS:SECURITY-949
Severity
low
Published
2019-04-03T00:00:00
(5 years ago)
Modified
2019-04-03T00:00:00
(5 years ago)
Rights
Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository aqua-security-scanner repository https://github.com/jenkinsci/aqua-security-scanner-plugin
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/aqua-security-scanner org.jenkins-ci.plugins aqua-security-scanner <= 3.0.15
Affected pkg:github/jenkinsci/aqua-security-scanner-plugin jenkinsci aqua-security-scanner-plugin <= 3.0.15
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date