Description
Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/03/09/1
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1523