Description

Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/03/09/1

https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1523

Related Vulnerabilities

CVE-2019-6283 Vulnerability in maven package org.webjars.npm:node-sass

CVE-2020-7708 Vulnerability in npm package @irrelon/path

CVE-2018-16479 Vulnerability in npm package http-live-simulator

CVE-2019-5748 Vulnerability in maven package org.traccar:traccar

CVE-2019-0192 Vulnerability in maven package org.apache.solr:solr-core

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Third Party Advisory Vendor Advisory