Information Exposure Affecting com.cloudcoreo.plugins:cloudcoreo-deploytime package, versions [0,]
- Snyk ID SNYK-JAVA-COMCLOUDCOREOPLUGINS-450037
- published 17 Jun 2019
- disclosed 3 Apr 2019
- credit Viktor Gazdag
How to fix?
There is no fixed version for com.cloudcoreo.plugins:cloudcoreo-deploytime.
Overview
com.cloudcoreo.plugins:cloudcoreo-deploytime is a Jenkins plugin for using CloudCoreo's DeployTime service.
Affected versions of this package are vulnerable to Information Exposure. The plugin stores credentials unencrypted in its global configuration file, com.cloudcoreo.plugins.jenkins.CloudCoreoBuildWrapper.xml, on the Jenkins master.
These credentials can be viewed by users with access to the master file system.
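The following check is an added example, not code from the advisory or the plugin: it looks for the configuration file named above under a Jenkins home directory and reports its file mode and which leaf elements hold values that are not in Jenkins' `{base64}` encrypted-secret form. The element names and values in the sample are constructed placeholders, since the advisory does not give the plugin's schema.

```python
import os, re, stat, tempfile
import xml.etree.ElementTree as ET

CONFIG_NAME = "com.cloudcoreo.plugins.jenkins.CloudCoreoBuildWrapper.xml"
# Jenkins' hudson.util.Secret writes encrypted values as "{<base64>}".
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Jenkins writes an XML 1.1 declaration, which Python's expat parser rejects,
# so the declaration is stripped before parsing.
XML_DECL = re.compile(rb"^\s*<\?xml[^>]*\?>")

def audit(jenkins_home):
    """Return findings for the plugin's global config, or None if absent."""
    path = os.path.join(jenkins_home, CONFIG_NAME)
    if not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        root = ET.fromstring(XML_DECL.sub(b"", fh.read(), count=1))
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Report element names only; never echo the stored values.
    cleartext = [el.tag for el in root.iter()
                 if len(el) == 0 and (el.text or "").strip()
                 and not ENCRYPTED.match(el.text.strip())]
    return {
        "path": path,
        "mode": oct(mode),
        "readable_beyond_owner": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
        "cleartext_fields": cleartext,
    }

# Constructed sample: element names and values are placeholders, not the
# plugin's real schema.
SAMPLE = b"""<?xml version='1.1' encoding='UTF-8'?>
<exampleDescriptor>
  <exampleTeamId>team-0001</exampleTeamId>
  <exampleSecretKey>not-a-real-secret</exampleSecretKey>
  <exampleWrapped>{AQAAABAAAAAQc2FtcGxlLW9ubHk=}</exampleWrapped>
</exampleDescriptor>
"""

def demo():
    """Write the constructed sample into a temporary home and audit it."""
    with tempfile.TemporaryDirectory() as home:
        path = os.path.join(home, CONFIG_NAME)
        with open(path, "wb") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        return audit(home)

if __name__ == "__main__":
    print(demo())
```

Every cleartext leaf is listed, so non-secret settings appear alongside credentials and the output needs a manual pass to decide which fields to rotate.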