Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Asakusasatellite | Jenkins | * | 0.1.1 (including) |