CVE-2019-10397

low

Description

Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.

References

https://jenkins.io/security/advisory/2019-09-12/#SECURTY-1509

http://www.openwall.com/lists/oss-security/2019/09/12/2

Details

Source: Mitre, NVD

Published: 2019-09-12

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 3.1

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Severity: Low

EPSS

EPSS: 0.00033

Detections

Analytics