CVE-2020-2130: 
Java vulnerability analysis and mitigation

Harvest SCM Plugin version 0.5.1 and earlier contains a security vulnerability identified as CVE-2020-2130, which was disclosed on February 12, 2020. The vulnerability affects the global configuration of the plugin and is related to the storage of SCM passwords in plaintext. This vulnerability has been assigned a Medium severity rating (Jenkins Advisory).

The vulnerability exists in the way the Harvest SCM Plugin handles password storage. Specifically, the plugin stores SCM passwords unencrypted in its global configuration file 'hudson.plugins.harvest.HarvestSCM.xml' on the Jenkins controller. This insecure storage practice exposes sensitive credentials to potential unauthorized access (Jenkins Advisory, OSS Security).

The impact of this vulnerability allows unauthorized users with access to the Jenkins controller file system to view the stored SCM passwords in plaintext. This exposure of credentials could potentially lead to unauthorized access to source code management systems and compromise of related resources (Jenkins Advisory).

As of the advisory's publication date (February 12, 2020), no fix was available for this vulnerability. Organizations using affected versions of the Harvest SCM Plugin should implement strict access controls to the Jenkins controller file system to minimize the risk of unauthorized access to the configuration files (Jenkins Advisory).