Credential Exposure Affecting org.jenkins-ci.plugins:repository-connector package, versions [0,]
Snyk CVSS
Attack Complexity
High
User Interaction
Required
Threat Intelligence
EPSS
0.09% (39th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGJENKINSCIPLUGINS-559584
- published 10 Mar 2020
- disclosed 9 Mar 2020
- credit James Holderness, IB Boost
Introduced: 9 Mar 2020
CVE-2020-2149 Open this link in a new tabHow to fix?
There is no fixed version for org.jenkins-ci.plugins:repository-connector.
Overview
org.jenkins-ci.plugins:repository-connector is a repository Connector Jenkins plugin that adds a build step which allows to resolve artifacts from a maven repository like nexus.
Affected versions of this package are vulnerable to Credential Exposure. It transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.