Description

Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/07/02/7

https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656

Related Vulnerabilities

CVE-2022-0436 Vulnerability in maven package org.webjars.npm:grunt

CVE-2019-16542 Vulnerability in maven package org.jenkins-ci.plugins:anchore-container-scanner

CVE-2015-1840 Vulnerability in maven package org.webjars.npm:jquery-ujs

CVE-2018-10054 Vulnerability in maven package com.h2database:h2

CVE-2020-2129 Vulnerability in maven package org.apache.maven.plugins:maven-compiler-plugin

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Third Party Advisory Vendor Advisory