Description

Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/07/02/7

https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656

Related Vulnerabilities

CVE-2022-29546 Vulnerability in maven package net.sourceforge.nekohtml:nekohtml

CVE-2023-37957 Vulnerability in maven package io.jenkins.plugins:pipeline-restful-api

CVE-2021-22696 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-security-oauth2

CVE-2020-7645 Vulnerability in npm package chrome-launcher

CVE-2020-12648 Vulnerability in maven package org.webjars.bower:tinymce

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Third Party Advisory Vendor Advisory