Description

Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/07/02/7

https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656

Related Vulnerabilities

CVE-2018-17421 Vulnerability in maven package com.zrlog:zrlog

CVE-2019-1010260 Vulnerability in maven package com.github.shyiko:ktlint

CVE-2019-0201 Vulnerability in maven package org.apache.zookeeper:zookeeper

CVE-2018-20821 Vulnerability in npm package node-sass

CVE-2019-10785 Vulnerability in maven package org.webjars.npm:dojox

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Third Party Advisory Vendor Advisory