Description

Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1523

http://www.openwall.com/lists/oss-security/2020/03/09/1

Related Vulnerabilities

CVE-2022-36095 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2023-33007 Vulnerability in maven package org.jenkins-ci.plugins:loadcomplete

CVE-2014-3623 Vulnerability in maven package org.apache.cxf:cxf-rt-security

CVE-2020-14359 Vulnerability in maven package org.keycloak:keycloak-core

CVE-2013-4286 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory Third Party Advisory