Jenkins Aqua Security Scanner Plugin Plaintext Token Storage Vulnerability

Vulnerability

A vulnerability exists in the Aqua Security Scanner Plugin for Jenkins, specifically in versions 3.2.8 and earlier. The plugin stores Scanner Tokens for Aqua API in an unencrypted format within job config.xml files on the Jenkins controller. This sensitive information can be accessed by users with Item/Extended Read permission or those who have access to the Jenkins controller file system.

Impact

The vulnerability allows for unauthorized access to sensitive API tokens, which could be misused to interact with Aqua's services on behalf of the user.

Added: Jul 9, 2025, 5:15 PM

Updated: Jul 9, 2025, 5:15 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

4.9

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

4.9

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Jenkins Aqua Security Scanner Plugin Plaintext Token Storage Vulnerability

Vulnerability

Impact

Affected Products

Jenkins Aqua Security Scanner Plugin

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating