Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Affected Packages

Maven org.jenkins-ci.plugins:aqua-security-scanner

Affected versions: 0 (fixed in 3.0.18)

Related CVEs

CVE-2019-10428

Key Information

GHSA ID

GHSA-xp44-8vwr-xwmv

Published

May 24, 2022 10:00 PM

Last Modified

January 30, 2024 9:18 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:aqua-security-scanner

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.