Insufficiently Protected Credentials Affecting com.catalogic.ecxjenkins:catalogic-ecx Open this link in a new tab package, versions [0,]
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
14 Feb 2020
12 Feb 2020
James Holderness, IB Boost
How to fix?
There is no fixed version for
com.catalogic.ecxjenkins:catalogic-ecx is a plugin to deploy VMs, Volumes, or Applications for Test Dev
Affected versions of this package are vulnerable to Insufficiently Protected Credentials. It stores a password unencrypted in job
config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.