Jenkins Netsparker Enterprise Scan Plugin stored API tokens unencrypted in its global configuration file `com.netsparker.cloud.plugin.NCScanBuilder.xml` on the Jenkins controller. These API tokens could be viewed by users with access to the Jenkins controller file system.

Netsparker Enterprise Scan Plugin now stores API tokens encrypted.

Affected Packages

Maven org.jenkins-ci.plugins:netsparker-cloud-scan

Affected versions: 0 (fixed in 1.1.6)

Related CVEs

CVE-2019-10291

Key Information

GHSA ID

GHSA-m7q8-8g56-m78w

Published

May 13, 2022 1:15 AM

Last Modified

October 26, 2023 8:54 PM

CVSS Score

2.5 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:netsparker-cloud-scan

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.