Description

Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/03/09/1

https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1523

Related Vulnerabilities

CVE-2020-1697 Vulnerability in maven package org.keycloak:keycloak-server-spi-private

CVE-2018-12533 Vulnerability in maven package org.richfaces:richfaces-a4j

CVE-2023-29924 Vulnerability in maven package tech.powerjob:powerjob

CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-war

CVE-2021-25929 Vulnerability in maven package org.opennms:opennms-webapp

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Third Party Advisory Vendor Advisory