CVE-2019-10428: Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form

CVSS Score: 7.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.26162%
Published: 5/24/2022
Updated: 1/30/2024
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package Name: org.jenkins-ci.plugins:aqua-security-scanner
Ecosystem: maven
Vulnerable Versions: <= 3.0.17
First Patched Version: 3.0.18

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerable functions are likely those that handle the transmission of credentials in the global configuration form of the Aqua Security Scanner Plugin. The exact function names are inferred based on typical plugin structure and the nature of the vulnerability. The confidence level is medium because while we can infer the likely location and type of functions involved, the exact names and paths are not directly provided in the given information.

WAF Protection Rules

WAF Rule

Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
