CVE-2020-2150

Name of the Vulnerable Software and Affected Versions Jenkins Sonar Quality Gates Plugin versions 1.3.1 and earlier

Description The issue concerns the transmission of configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. The credentials are stored encrypted on disk in the org.quality.gates.jenkins.plugin.GlobalConfig.xml file on the Jenkins controller but are sent in plain text as part of the configuration form. This could lead to credential exposure through browser extensions, cross-site scripting vulnerabilities, or similar situations.

Recommendations For Jenkins Sonar Quality Gates Plugin versions 1.3.1 and earlier, consider updating to a version where this issue is resolved, as the current version transmits credentials in plain text. At the moment, there is no information about a newer version that contains a fix for this vulnerability.