CVE-2020-2218

Name of the Vulnerable Software and Affected Versions Jenkins HP ALM Quality Center Plugin versions 1.6 and earlier

Description The issue concerns the storage of a password in plain text in the global configuration file, specifically in org.jenkinsci.plugins.qc.QualityCenterIntegrationRecorder.xml, on the Jenkins master. This allows users with access to the master file system to view the password.

Recommendations For Jenkins HP ALM Quality Center Plugin versions 1.6 and earlier, consider restricting access to the Jenkins controller file system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.