CVE-2019-10397

3.1LOW

Key Information:

Vendor
Jenkins
Status
Jenkins Aqua Security Serverless Scanner Plugin
Vendor
CVE Published:
12 September 2019

Summary

Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.

Affected Version(s)

Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier

References

http://www.openwall.com/lists/oss-security/2019/09/12/2
mailing-listx_refsource_MLIST
https://jenkins.io/security/advisory/2019-09-12/#SECURTY-...
x_refsource_CONFIRM

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.