CVE-2020-2149

2020-03-0916:15:14

Google

osv.dev

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.9%

JSON

Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

CPENameOperatorVersion
repository-connector-plugineqrepository-connector-0.7.0
repository-connector-plugineqrepository-connector-1.2.2
repository-connector-plugineqrepository-connector-1.2.1
repository-connector-plugineqrepository-connector-1.0.0
repository-connector-plugineqrepository-connector-0.8.2
repository-connector-plugineqrepository-connector-1.2.3
repository-connector-plugineqrepository-connector-1.2.0
repository-connector-plugineqrepository-connector-1.2.5
repository-connector-plugineqrepository-connector-0.6.1
repository-connector-plugineqrepository-connector-1.1.3

Name	Operator	Version
repository-connector-plugin	eq	repository-connector-0.7.0
repository-connector-plugin	eq	repository-connector-1.2.2
repository-connector-plugin	eq	repository-connector-1.2.1
repository-connector-plugin	eq	repository-connector-1.0.0
repository-connector-plugin	eq	repository-connector-0.8.2
repository-connector-plugin	eq	repository-connector-1.2.3
repository-connector-plugin	eq	repository-connector-1.2.0
repository-connector-plugin	eq	repository-connector-1.2.5
repository-connector-plugin	eq	repository-connector-0.6.1
repository-connector-plugin	eq	repository-connector-1.1.3