Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
17 Jun 2019
3 Apr 2019
How to fix?
There is no fixed version for
com.cloudcoreo.plugins:cloudcoreo-deploytime is a Jenkins plugin for using CloudCoreo's DeployTime service.
Affected versions of this package are vulnerable to Information Exposure. The plugin stores credentials unencrypted in its global configuration file:
com.cloudcoreo.plugins.jenkins.CloudCoreoBuildWrapper.xml on the Jenkins master.
These credentials can be viewed by users with access to the master file system.