Description

Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/07/02/7

https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656

Related Vulnerabilities

CVE-2019-10407 Vulnerability in maven package hudson.plugins:project-inheritance

CVE-2022-40151 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2019-16777 Vulnerability in npm package bin-links

CVE-2021-32808 Vulnerability in maven package org.webjars.npm:ckeditor4

CVE-2019-14862 Vulnerability in maven package org.jszip.redist:knockout

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Third Party Advisory Vendor Advisory