Description
Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/07/02/7
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656
Related Vulnerabilities
CVE-2022-0436 Vulnerability in maven package org.webjars.npm:grunt
CVE-2019-16542 Vulnerability in maven package org.jenkins-ci.plugins:anchore-container-scanner
CVE-2015-1840 Vulnerability in maven package org.webjars.npm:jquery-ujs
CVE-2018-10054 Vulnerability in maven package com.h2database:h2
CVE-2020-2129 Vulnerability in maven package org.apache.maven.plugins:maven-compiler-plugin