CVE-2020-2149

MEDIUM

Jenkins Repository Connector Plugin < 1.2.6 - Cleartext Transmission of Sensitive Credentials

Title source: llm

Description

Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1520

Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2020/03/09/1

Scores

CVSS v3 5.3

EPSS 0.0003

EPSS Percentile 7.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-319

Status published

Products (2)

jenkins/repository_connector < 1.2.6

org.jenkins-ci.plugins/repository-connector 0 - 2.0.0Maven

Published Mar 09, 2020

Tracked Since Feb 18, 2026