[MAVEN:GHSA-3FPX-G9H3-HH8X] Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text

Severity Moderate

Affected Packages 1

Fixed Packages 1

CVEs 1

Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

Package	Affected Version
pkg:maven/io.jenkins.plugins/neuvector-vulnerability-scanner	<= 1.5

Package	Fixed Version
pkg:maven/io.jenkins.plugins/neuvector-vulnerability-scanner	= 1.6

ID

MAVEN:GHSA-3FPX-G9H3-HH8X

Severity

moderate

URL

https://github.com/advisories/GHSA-3fpx-g9h3-hh8x

Published

2022-05-24T22:00:44
(2 years ago)

Modified

2024-01-30T21:17:57
(7 months ago)

Rights

Maven Security Team

Other Advisories

JENKINS:SECURITY-1504

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2019-10430
			https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1504
			http://www.openwall.com/lists/oss-security/2019/09/25/3
			https://github.com/advisories/GHSA-3fpx-g9h3-hh8x

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/io.jenkins.plugins/neuvector-vulnerability-scanner	io.jenkins.plugins	neuvector-vulnerability-scanner	<= 1.5
Fixed	pkg:maven/io.jenkins.plugins/neuvector-vulnerability-scanner	io.jenkins.plugins	neuvector-vulnerability-scanner	= 1.6

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date