Description

Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/03/09/1

https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1523

Related Vulnerabilities

CVE-2017-1000092 Vulnerability in maven package org.jenkins-ci.plugins:git

CVE-2019-10354 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2018-20834 Vulnerability in maven package org.webjars:tar

CVE-2021-21266 Vulnerability in maven package org.openhab.addons.bundles: org.openhab.binding.bosesoundtouch

CVE-2021-21428 Vulnerability in maven package org.openapitools:openapi-generator-online

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Third Party Advisory Vendor Advisory