Insufficiently Protected Credentials Affecting de.wellnerbou.jenkins:git-changelog package, versions [,2.18)
26 Sep 2019
25 Sep 2019
James Holderness, IB Boost
How to fix?
Upgrade de.wellnerbou.jenkins:git-changelog to version 2.18 or higher.
de.wellnerbou.jenkins:git-changelog is a plugin that creates a changelog, or release notes, based on Git commits between 2 revisions.
Affected versions of this package are vulnerable to Insufficiently Protected Credentials. Credentials were found to be stored in plain text in job config.xml files on the Jenkins master. These can be viewed by users with Extended Read permission, or access to the master file system.
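To audit existing job config.xml files for the condition described above, the following added example (not code from the plugin or from this advisory) flags credential-like XML elements whose value is not in the brace-wrapped Base64 form that current Jenkins versions use for encrypted Secret fields. The element names in the sample and the name pattern are assumptions, since the advisory does not name the plugin's fields.

```python
import re
import xml.etree.ElementTree as ET

# Encrypted Secret fields appear as "{<base64>}" in config.xml on current
# Jenkins versions; any other non-empty value in a credential-like field is
# treated here as plain text.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Assumption: tag names that suggest a credential. Adjust to the real fields.
SENSITIVE = re.compile(r"passw(or)?d|passphrase|secret|token|api_?key", re.I)


def plaintext_credentials(config_xml: str) -> list:
    """Return element paths of credential-like fields stored unencrypted."""
    findings = []

    def walk(node, path):
        here = f"{path}/{node.tag}"
        text = (node.text or "").strip()
        if SENSITIVE.search(node.tag) and text and not ENCRYPTED.match(text):
            findings.append(here)
        for child in node:
            walk(child, here)

    walk(ET.fromstring(config_xml), "")
    return findings


# Constructed sample job config; element names and values are hypothetical.
SAMPLE = """<project>
  <publishers>
    <example.ChangelogPublisher>
      <username>ci-bot</username>
      <password>constructed-plaintext-value</password>
      <apiToken>{AQAAABAAAAAQc2FtcGxlLWNpcGhlcnRleHQ=}</apiToken>
    </example.ChangelogPublisher>
  </publishers>
</project>"""

if __name__ == "__main__":
    for hit in plaintext_credentials(SAMPLE):
        print("plaintext credential field:", hit)
```

Any field this reports should be treated as exposed: upgrading stops new plain-text storage, but values already readable in config.xml should be rotated.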