Description

Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1523

http://www.openwall.com/lists/oss-security/2020/03/09/1

Related Vulnerabilities

CVE-2022-25878 Vulnerability in maven package org.webjars.npm:protobufjs

CVE-2021-20327 Vulnerability in npm package mongodb-client-encryption

CVE-2020-2091 Vulnerability in maven package org.jenkins-ci.plugins:ec2

CVE-2020-11022 Vulnerability in npm package jquery

CVE-2021-32013 Vulnerability in npm package xlsx

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory Third Party Advisory