CVE-2020-2153
CVE-2020-2153 affects Jenkins Backlog Plugin versions 2.4 and earlier. The root cause is that credentials are transmitted in plain text as part of job configuration forms, while stored credentials remain encrypted on disk. This can expose credentials to users with Extended Read permission when co...