Insufficiently Protected Credentials Affecting com.catalogic.ecxjenkins:catalogic-ecx package, versions [0,]
Attack Complexity: Low
snyk-id: SNYK-JAVA-COMCATALOGICECXJENKINS-548794
published: 14 Feb 2020
disclosed: 12 Feb 2020
credit: James Holderness, IB Boost
Introduced: 12 Feb 2020
CVE-2020-2128
How to fix?
There is no fixed version for com.catalogic.ecxjenkins:catalogic-ecx.
Overview
com.catalogic.ecxjenkins:catalogic-ecx is a plugin to deploy VMs, Volumes, or Applications for Test Dev.
Affected versions of this package are vulnerable to Insufficiently Protected Credentials. It stores a password unencrypted in job config.xml files on the Jenkins master, where it can be viewed by users with Extended Read permission or access to the master file system.