Description

Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/03/09/1

https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1523

Related Vulnerabilities

CVE-2019-3580 Vulnerability in maven package org.openrefine:openrefine

CVE-2020-23811 Vulnerability in maven package com.xuxueli:xxl-job

CVE-2020-36381 Vulnerability in npm package aaptjs

CVE-2020-7793 Vulnerability in maven package org.webjars.bowergithub.faisalman:ua-parser-js

CVE-2014-3600 Vulnerability in maven package org.apache.activemq:activemq-core

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Third Party Advisory Vendor Advisory