Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. This plugin has bee deprecated.

Affected Packages

Maven com.hcl.security:ibm-application-security

Affected versions: 0 (fixed in 1.2.5)

Related CVEs

CVE-2019-10391

Key Information

GHSA ID

GHSA-65rj-cgrp-g65w

Published

May 24, 2022 4:55 PM

Last Modified

January 30, 2024 9:20 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

com.hcl.security:ibm-application-security

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 27, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.