Description

Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656

http://www.openwall.com/lists/oss-security/2020/07/02/7

Related Vulnerabilities

CVE-2018-15685 Vulnerability in maven package org.webjars.npm:electron

CVE-2018-16115 Vulnerability in maven package com.typesafe.akka:akka-actor_2.11

CVE-2020-13926 Vulnerability in maven package org.apache.kylin:kylin-server

CVE-2022-24847 Vulnerability in maven package org.geoserver.web:gs-web-sec-jdbc

CVE-2015-5254 Vulnerability in maven package org.apache.activemq:activemq-core

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Vendor Advisory Third Party Advisory