Description
Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
Remediation
References
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656
http://www.openwall.com/lists/oss-security/2020/07/02/7
Related Vulnerabilities
CVE-2012-5887 Vulnerability in maven package tomcat:catalina
CVE-2023-49145 Vulnerability in maven package org.apache.nifi:nifi-jolt-transform-json-ui
CVE-2016-0714 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2013-4590 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-jasper