Description
Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
Remediation
References
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1523
http://www.openwall.com/lists/oss-security/2020/03/09/1
Related Vulnerabilities
CVE-2017-5661 Vulnerability in maven package org.apache.xmlgraphics:fop
CVE-2016-3081 Vulnerability in maven package org.apache.struts.xwork:xwork-core
CVE-2023-36665 Vulnerability in maven package org.webjars.npm:github-com-protobufjs-protobuf-js
CVE-2019-1003019 Vulnerability in maven package org.jenkins-ci.plugins:github-oauth