The vulnerability centers on plaintext credential exposure in configuration forms. Jenkins plugins typically handle credentials through getter methods in DescriptorImpl classes that bind to UI elements. The advisory explicitly states credentials were stored encrypted but transmitted decrypted, indicating the getter method responsible for populating the form field returned the plaintext secret. The function name follows Jenkins plugin conventions (DescriptorImpl pattern) and matches the credential handling workflow described in the advisory.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:aqua-microscanner | maven | <= 1.0.7 | 1.0.8 |