elOyente Plugin stores a password unencrypted in its global configuration file com.technicolor.eloyente.ElOyente.xm
l on the Jenkins controller. This password can be viewed by users with access to the Jenkins controller file system.
As of publication of this advisory, there is no fix.
CPE | Name | Operator | Version |
---|---|---|---|
com.technicolor:eloyente | eq | 1.3 | |
com.technicolor:eloyente | eq | 1.2 | |
com.technicolor:eloyente | eq | 1.0 |