Description

Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/07/02/7

https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656

Related Vulnerabilities

CVE-2022-39353 Vulnerability in maven package org.webjars.npm:xmldom

CVE-2020-28445 Vulnerability in npm package npm-help

CVE-2017-10910 Vulnerability in maven package org.webjars.npm:mqtt

CVE-2016-10672 Vulnerability in npm package cloudpub-redis

CVE-2017-1000421 Vulnerability in maven package org.webjars:gifsicle

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Third Party Advisory Vendor Advisory