Description
Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/07/02/7
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656
Related Vulnerabilities
CVE-2020-4075 Vulnerability in maven package org.webjars.npm:electron
CVE-2022-35204 Vulnerability in npm package vite
CVE-2021-43838 Vulnerability in npm package jsx-slack
CVE-2020-7647 Vulnerability in maven package io.jooby:jooby
CVE-2023-40815 Vulnerability in maven package org.opencrx:opencrx-core-models