Description
Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/03/09/1
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1523