CVE-2020-2131

Name of the Vulnerable Software and Affected Versions Jenkins Harvest SCM Plugin versions 0.5.1 and earlier

Description The issue allows passwords to be stored unencrypted in job config.xml files on the Jenkins master. These passwords can be viewed by users with Extended Read permission or those who have access to the master file system.

Recommendations For Jenkins Harvest SCM Plugin versions 0.5.1 and earlier, update to a version later than 0.5.1 to ensure passwords are stored securely. As a temporary workaround, consider restricting access to the master file system and limiting Extended Read permissions to minimize the risk of password exposure.