CVE-2020-2157

Name of the Vulnerable Software and Affected Versions Jenkins Skytap Cloud CI Plugin versions 2.07 and earlier

Description The issue concerns the transmission of configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. The credentials are stored encrypted on disk in config.xml files but are transmitted in plain text by the plugin. This could allow users with Extended Read permission to view these credentials.

Recommendations For Jenkins Skytap Cloud CI Plugin versions 2.07 and earlier, consider updating to a version that addresses this issue, as the current version transmits credentials in plain text. At the moment, there is no information about a newer version that contains a fix for this vulnerability.