Description
Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/07/02/7
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656
Related Vulnerabilities
CVE-2019-5413 Vulnerability in npm package morgan
CVE-2018-16459 Vulnerability in npm package exceljs
CVE-2021-28100 Vulnerability in maven package com.netflix.priam:priam
CVE-2021-41184 Vulnerability in maven package org.webjars.npm:jquery-ui
CVE-2021-36774 Vulnerability in maven package org.apache.kylin:kylin-core-common