CVE-2020-2210 Vulnerability in maven package org.jenkins-ci.plugins:stashbranchparameter

Description

Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/07/02/7

https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656

Related Vulnerabilities

CVE-2018-1000531 Vulnerability in maven package com.inversoft:prime-jwt

CVE-2017-18239 Vulnerability in maven package com.jason-goodwin:authentikat-jwt_2.11

CVE-2019-15782 Vulnerability in maven package org.webjars.npm:webtorrent

CVE-2018-11797 Vulnerability in maven package org.apache.pdfbox:pdfbox

CVE-2020-9296 Vulnerability in maven package com.netflix.conductor:conductor-core

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N