CVE-2019-1003069

Name of the Vulnerable Software and Affected Versions: Jenkins Aqua Security Scanner Plugin (affected versions not specified)

Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins Aqua Security Scanner Plugin. Specifically, credentials are stored in the org.jenkinsci.plugins.aquadockerscannerbuildstep.AquaDockerScannerBuilder.xml file on the Jenkins controller. Users with access to the Jenkins controller file system can view these credentials.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.