Credential Exposure Affecting org.jenkins-ci.plugins:backlog package, versions [0,]
Snyk CVSS
Attack Complexity
High
User Interaction
Required
Threat Intelligence
EPSS
0.05% (21st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGJENKINSCIPLUGINS-559580
- published 10 Mar 2020
- disclosed 9 Mar 2020
- credit James Holderness, IB Boost
Introduced: 9 Mar 2020
CVE-2020-2153 Open this link in a new tabHow to fix?
There is no fixed version for org.jenkins-ci.plugins:backlog
.
Overview
org.jenkins-ci.plugins:backlog is a Jenkins plugin that integrates Backlog to Jenkins.Backlog is an issue tracking system provided by Nulab.
Affected versions of this package are vulnerable to Credential Exposure. It transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.