CVE-2020-2149: Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form…

medium5.3CVSS 3.1

AVNACLPRNUINSUCLINAN

Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Affected

27 ranges· showing 25

Vendor	Product	Version range	Fixed in
jenkins	audit_trail_plugin	—	—
jenkins	backlog_plugin	—	—
jenkins	cobertura_plugin	—	—
jenkins	credentials_plugin	—	—
jenkins	cryptomove_plugin	—	—
jenkins	deployhub_plugin	—	—
jenkins	git_plugin	—	—
jenkins	literate_plugin	—	—
jenkins	logstash_plugin	—	—
jenkins	mac_cloud_host_launched_by_the_plugin	—	—
jenkins	mac_plugin	—	—
jenkins	openshift_deployer_plugin	—	—
jenkins	p4_plugin	—	—
jenkins	quality_gates_plugin	—	—
jenkins	repository_connector	<= 1.2.6	—
jenkins	repository_connector_plugin	—	—
jenkins	rundeck_plugin	—	—
jenkins	sandbox_protection_in_script_security_plugin	—	—
jenkins	script_security_plugin	—	—
jenkins	skytap_cloud_ci_plugin	—	—
jenkins	sonar_quality_gates_plugin	—	—
jenkins	subversion_release_manager_plugin	—	—
jenkins	timestamper_plugin	—	—
jenkins	yaml_input_files_to_literate_plugin	—	—
jenkins	zephyr_enterprise_test_management_plugin	—	—