Описание
Jenkins veracode-scanner Plugin stores credentials in plain text
Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system.
Пакеты
Наименование
org.jenkins-ci.plugins:veracode-scanner
maven
Затронутые версииВерсия исправления
<= 1.6
Отсутствует
Связанные уязвимости
CVSS3: 8.8
nvd
почти 7 лет назад
Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.