Vulnerability in Jenkins Aqua_security_scanner

CVE-2019-1003069

Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

EPSS: 0.014 (68.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2019-1003069?
CVE-2019-1003069 is a high-severity vulnerability in Jenkins Aqua_security_scanner, classified under Missing Encryption of Sensitive Data. CVSS score: 8.8/10. Published 2019-04-04.
How severe is CVE-2019-1003069?
High severity. CVSS v3 base score is 8.8 out of 10.