Description

Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/07/02/7

https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656

Related Vulnerabilities

CVE-2017-16223 Vulnerability in npm package nodeaaaaa

CVE-2021-21391 Vulnerability in npm package @ckeditor/ckeditor5-engine

CVE-2018-1288 Vulnerability in maven package org.apache.kafka:kafka

CVE-2020-7777 Vulnerability in npm package jsen

CVE-2022-31190 Vulnerability in maven package org.dspace:dspace-xmlui

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Third Party Advisory Vendor Advisory