Vulnerability in Jenkins Aqua_security_scanner
CVE-2019-1003069
Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
EPSS: 0.014 (68.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Jenkins Aqua_security_scanner
- Jenkins Project Aqua Security Scanner Plugin — versions all versions as of 2019-04-03
Weakness classification (CWE)
References
- jenkinsci-cert@googlegroups.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- jenkinsci-cert@googlegroups.com (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
- jenkinsci-cert@googlegroups.com (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2019-1003069?
- CVE-2019-1003069 is a high-severity vulnerability in Jenkins Aqua_security_scanner, classified under Missing Encryption of Sensitive Data. CVSS score: 8.8/10. Published 2019-04-04.
- How severe is CVE-2019-1003069?
- High severity. CVSS v3 base score is 8.8 out of 10.