Description
Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/03/09/1
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1523
Related Vulnerabilities
CVE-2020-2265 Vulnerability in maven package org.jenkins-ci.plugins:covcomplplot
CVE-2020-15119 Vulnerability in maven package org.webjars.bower:auth0-lock
CVE-2016-6797 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2020-2185 Vulnerability in maven package org.jenkins-ci.plugins:ec2