CVE-2020-2151

Name of the Vulnerable Software and Affected Versions Jenkins Quality Gates Plugin versions 2.5 and earlier

Description The issue concerns the transmission of configured credentials in plain text as part of the global Jenkins configuration form. This potentially results in their exposure. The credentials are stored encrypted on disk in the quality.gates.jenkins.plugin.GlobalConfig.xml file on the Jenkins controller but are transmitted in plain text as part of the configuration form. This can lead to exposure through browser extensions, cross-site scripting vulnerabilities, and similar situations.

Recommendations For Jenkins Quality Gates Plugin versions 2.5 and earlier, consider updating to a version that addresses this issue, as the current version transmits credentials in plain text. At the moment, there is no information about a newer version that contains a fix for this vulnerability.