Description

Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/07/02/7

https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656

Related Vulnerabilities

CVE-2020-7638 Vulnerability in npm package confinit

CVE-2019-10805 Vulnerability in npm package valib

CVE-2019-1003085 Vulnerability in maven package org.jenkins-ci.plugins:zephyr-enterprise-test-management

CVE-2017-9793 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2022-25927 Vulnerability in maven package org.webjars.bowergithub.faisalman:ua-parser-js

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Third Party Advisory Vendor Advisory