CVE-2020-2149

Cleartext Transmission of Sensitive Information in maven/org.jenkins-ci.plugins/repository-connector

Identifiers

GHSA-4fjc-fwj2-7xfg, CVE-2020-2149

Package Slug

maven/org.jenkins-ci.plugins/repository-connector

Vulnerability

Cleartext Transmission of Sensitive Information

Description

Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Affected Versions

All versions up to 1.2.6

Solution

Upgrade to version 2.0.0 or above.

Last Modified

2023-01-15

source