Description

Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/03/09/1

https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1523

Related Vulnerabilities

CVE-2016-20018 Vulnerability in npm package knex

CVE-2018-8026 Vulnerability in maven package org.apache.solr:solr-core

CVE-2019-0205 Vulnerability in npm package thrift

CVE-2016-10735 Vulnerability in maven package org.jszip.redist:bootstrap

CVE-2019-10355 Vulnerability in maven package org.jenkins-ci.plugins:script-security

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Third Party Advisory Vendor Advisory