CVE-2019-16542

MEDIUM

Jenkins Anchore Container Image Scanner Plugin <1.0.19 - Info Discl...

Title source: llm

Description

Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

References (2)

Scores

CVSS v3 6.5
EPSS 0.0005
EPSS Percentile 14.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-522
Status published

Affected Products (2)

jenkins/anchore_container_image_scanner < 1.0.19
org.jenkins-ci.plugins/anchore-container-scanner < 1.0.20Maven

Timeline

Published Nov 21, 2019
Tracked Since Feb 18, 2026