Description
Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/03/09/1
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1523