Jenkins · Jenkins Sqlplus Script Runner Plugin · CVE-2020-2312
**Name of the Vulnerable Software and Affected Versions**
Jenkins SQLPlus Script Runner Plugin versions 2.0.12 and earlier
**Description**
The issue concerns the Jenkins SQLPlus Script Runner Plugin, where a password provided as a command line argument is not masked in build logs. This allows users with Item/Read permission to view the password, as it is printed in the build logs along with the `sqlplus` command invocation.
**Recommendations**
For Jenkins SQLPlus Script Runner Plugin versions 2.0.12 and earlier, update to version 2.0.13 or later to resolve the issue, as it no longer prints the password in the build logs.