Credential Exposure Affecting com.parasoft:environment-manager Open this link in a new tab package, versions [0,]
Attack Complexity
Low
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications-
snyk-id
SNYK-JAVA-COMPARASOFT-548698
-
published
13 Feb 2020
-
disclosed
12 Feb 2020
-
credit
James Holderness, IB Boost
Introduced: 12 Feb 2020
CVE-2020-2132 Open this link in a new tabHow to fix?
There is no fixed version for com.parasoft:environment-manager
.
Overview
com.parasoft:environment-manager is a third party integration tool for Parasoft Environment Manager.
Affected versions of this package are vulnerable to Credential Exposure. Jenkins Parasoft Environment Manager Plugin stores a password unencrypted in job config.xml
files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.