Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it.
Storing a password in plaintext may result in a system compromise.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Statistics_gatherer | Jenkins | * | 2.0.3 (including) |