Description

Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/07/02/7

https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656

Related Vulnerabilities

CVE-2020-4075 Vulnerability in maven package org.webjars.npm:electron

CVE-2022-35204 Vulnerability in npm package vite

CVE-2021-43838 Vulnerability in npm package jsx-slack

CVE-2020-7647 Vulnerability in maven package io.jooby:jooby

CVE-2023-40815 Vulnerability in maven package org.opencrx:opencrx-core-models

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Third Party Advisory Vendor Advisory