CVE-2020-2150

CVE-2020-2150

EPSS 0.6%

Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Affected products

Jenkins project · Jenkins Sonar Quality Gates Plugin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1523 http://www.openwall.com/lists/oss-security/2020/03/09/1